Deeplinkshttps://www.eff.org/rss/updates.xml/Online-Behavioral-Tracking
EFF's Deeplinks Blog: Noteworthy news from around the internetenWith New Browser Tech, Apple Preserves Privacy and Google Preserves Trackershttps://www.eff.org/deeplinks/2017/06/with-new-browser-tech-apple-preserves-privacy-google-preserves-trackers
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p id="magicdomid2">Recently Google and Apple announced plans to respond to complaints about online advertising. Both companies will implement changes to their browsers to neutralize some of the most annoying ad formats, but only Apple has chosen to address concerns around user privacy.</p>
<p>Starting sometime in 2018, Google's Chrome browser will begin blocking all ads on websites that do not follow new recommendations laid down by the industry group the <a href="https://blog.chromium.org/2017/06/improving-advertising-on-web.html">Coalition for Better Ads</a> (CBA). Chrome will implement this standard, known as the <a href="https://www.betterads.org/standards/">Better Ads Standard</a>, and ban formats widely regarded as obnoxious such as pop-ups, autoplay videos with audio, and interstitial ads that obscure the whole page. Google and its partners worry that these formats are alienating users and driving the adoption of ad blockers. While we welcome the willingness to tackle annoying ads, the CBA's criteria do not address a key reason <a href="https://today.yougov.com/news/2016/09/02/why-people-use-ad-blockers/">many</a> of us install ad blockers: to protect ourselves against the non-consensual tracking and surveillance that permeates the advertising ecosystem operated by the members of the CBA.</p>
<p>Google's approach contrasts starkly with Apple’s. Apple's browser, Safari, will use a method called <a href="https://webkit.org/blog/7675/intelligent-tracking-prevention/">intelligent tracking prevention</a> to prevent tracking by third parties—that is, sites that are rarely visited intentionally but are incorporated on many other sites for advertising purposes—that use cookies and other techniques to track us as we move through the web. Safari will use machine learning in the browser (which means the data never leaves your computer) to learn which cookies represent a tracking threat and disarm them. This approach is similar to that used in EFF's <a href="https://www.eff.org/privacybadger">Privacy Badger</a>, and we are excited to see it in Safari.</p>
<p><strong>Users Can Opt In to Publisher Payments</strong><strong>—But Not Out of Tracking</strong><br />
In tandem with their Better Ads enforcement, Google will also launch a companion program, Funding Choices, that will enable CBA-compliant sites to ask Chrome users with content blockers to whitelist their site and unblock their ads. Should the user refuse, they can either pay for an "ad-free experience" or be locked out by a publisher's adblock wall. Payment is to be made using a Google product called <a href="https://en.wikipedia.org/wiki/Google_Contributor">Contributor</a>, first deployed in 2015. Contributor lets people pay sites to avoid being simply <em>shown</em> Google ads, but does not prevent Google, the site, or any other advertisers from <em><a href="https://twitter.com/lukemulks/status/870779626078982144">continuing to track</a></em> people who pay into the Contributor program. This approach is consistent with the ad industry's dogged defense of tracking, and its refusal to honor user signals such as<a href="//www.eff.org/issues/do-not-track"> Do Not Track</a>. The industry's sole response has been to create a system called AdChoices, which offers users a complicated and inefficient opt-out from targeted ads, but <i>not</i> from the data collection and the behavioral tracking behind the targeting. By that logic, it is okay to track and spy on people who opt out—as long as you don’t remind them that they are being tracked!</p>
<p>With a vast network of websites that display its ads, and over 50 percent of the browser market, Google has the power to address the ad quality problem by requiring sites to control the types of ads they show or risk losing all income from Chrome users. Google's motivation is strong because, collectively, ad blockers are undermining Google's revenue from programs like <a href="https://support.google.com/adwords/answer/2472739?hl=en-GB">DoubleClick AdExchange</a>, <a href="https://en.wikipedia.org/wiki/AdSense">AdSense</a>, <a href="https://support.google.com/adwords/answer/2472739?hl=en-GB">Adwords</a>—or, in the case of Adblock Plus and Adblock, unblocking those ads but demanding payments in exchange. While Google Chrome has mostly allowed users to install the ad- and <a href="https://www.eff.org/privacybadger">tracker-blocking tools</a> of their choice, there is always the risk that Google may seek to neutralize any blocking capability not under its direct control. This is no imaginary threat: in 2014, the Android Play Store <a href="https://www.eff.org/deeplinks/2014/08/blocking-consumer-choice-googles-dangerous-ban-privacy-security-app">banned </a><a href="https://www.eff.org/deeplinks/2014/08/blocking-consumer-choice-googles-dangerous-ban-privacy-security-app">Disconnect Mobile</a>, a privacy app designed to prevent third party tracking. And in January of this year, the Chrome store <a href="https://www.fastcompany.com/3068920/google-adnauseum-ad-blocking-war">kicked out</a><a href="https://www.fastcompany.com/3068920/google-adnauseum-ad-blocking-war"> AdNauseam</a>, an <a href="http://obfuscationsymposium.org/obfuscation-tools/">obfuscation</a> and anti-tracking tool that unblocks ads from websites that have adopted the EFF's Do Not Track policy and promised to respect user demands for privacy.</p>
<p>At EFF, we understand that advertising funds much of the media and services online, but we also believe that users have the right to protect themselves against tracking. Advertising is currently built around a surveillance architecture, and this has to change. Until then, users will continue to install browser extensions like Privacy Badger and make use of tracking protection in browsers like Brave, Firefox, Opera and Safari to protect themselves. </p>
<p>Google and the CBA want to address the visibly annoying aspects of ads while ignoring the deeper privacy issues. Instead, they should take their lead from Apple on this one. Ad quality needs to improve and advertisers must abandon any attempt to hijack our attention with disruptive audio, flashing animation, or screen takeovers. But this alone will not win back the trust of users alienated by an ad system run amok. Users should be given more control over the ads they are shown, and their Do Not Track demands must be honored. The web should be about opening up new possibilities both individually and collectively, but the feeling of being monitored can create unease that information about us could be misused or revealed without our permission. Since the Web has become central to human thought and communication, surveilling it without an opt-out is a fundamental intrusion into human cognition and conversation. Any plan to make ads "better" that lacks a core privacy component is fundamentally broken.</p>
</div></div></div>Wed, 07 Jun 2017 17:23:49 +0000alan.toner96152 at https://www.eff.orgCommentaryDo Not TrackOnline Behavioral TrackingLimitations of ISP Data Pollution Toolshttps://www.eff.org/deeplinks/2017/05/limitations-isp-data-pollution-tools
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Republicans in Congress recently voted to repeal the FCC’s broadband privacy rules. As a result, your Internet provider may be able to sell sensitive information like your browsing history or app usage to advertisers, insurance companies, and more, all without your consent. In response, Internet users have been asking what they can do to protect their own data from this creepy, non-consensual tracking by Internet providers—for example, <a href="https://www.eff.org/deeplinks/2017/04/heres-how-protect-your-privacy-your-internet-service-provider">directing their Internet traffic through a VPN or Tor</a>. One idea to combat this that’s recently gotten a lot of traction among privacy-conscious users is data pollution tools: software that fills your browsing history with visits to random websites in order to add “noise” to the browsing data that your Internet provider is collecting.</p>
<p class="pull-quote">One of the goals of this post is to dispel misconceptions about these tools regarding problems users may think they solve.</p>
<p>We’ve seen this idea suggested several times, and we’ve received multiple questions about how effective it would be and whether or not it protects your privacy, so we wanted to provide our thoughts. Before we begin, however, we want to note that <a href="https://www.theatlantic.com/technology/archive/2017/04/hiding-the-signal-in-the-noise/522564">several seasoned</a> <a href="https://www.wired.com/2017/03/wanna-protect-online-privacy-open-tab-make-noise">security professionals</a> <a href="https://motherboard.vice.com/en_us/article/obfuscation-wont-protect-your-privacy">have already weighed in on</a> <a href="https://arstechnica.com/information-technology/2017/04/after-vote-to-kill-privacy-rules-users-try-to-pollute-their-web-history/">the effectiveness and risks involved</a> <a href="https://www.schneier.com/blog/archives/2006/08/trackmenot_1.html">in using these tools</a>.</p>
<p>While we want to be optimistic and encourage more user-friendly technology, it’s important to evaluate new tools with caution, especially when the stakes are high. Additionally, one of the goals of this post is to dispel misconceptions about these tools regarding problems users may think they solve.</p>
<h3>Limitations of ISP Data Pollution Tools</h3>
<p>After reviewing <a href="http://cs.nyu.edu/trackmenot/">these</a> <a href="https://github.com/essandess/isp-data-pollution">sorts of</a> <a href="https://slifty.github.io/internet_noise/index.html">tools</a>, we’ve come to the conclusion that in their current form, these tools are not privacy-enhancing technologies, meaning that they don’t actually help protect users’ sensitive information.</p>
<p>To see why, let’s imagine two possible scenarios that could occur if your browsing history were somehow leaked.</p>
<p>First, imagine the tool visited a website you don’t want to be associated with. Many data pollution tools try to prevent this by blacklisting certain potentially inappropriate words or websites (or only searching on whitelisted websites) and relying on <a href="https://en.wikipedia.org/wiki/SafeSearch">Google’s SafeSearch feature</a>. However, even with these protections in place, the algorithm could still visit a website that might not be embarrassing for everyone, but could be embarrassing for you (say, a visit to an employment website when you haven’t told your employer you’re thinking of leaving). In this case, it might be difficult to prove it was the automated tool and not you who generated that traffic.</p>
<p>Second, sensitive data is still sensitive even when surrounded by noise. Imagine that your leaked browsing history showed a pattern of visits to websites about a certain health condition. It would be very hard to claim that it was the automated tool that generated that sort of traffic when it was in fact you.</p>
<p>It’s reasonable to assume that whoever is analyzing this data will put some effort into filtering out noise when looking for trends—after all, this is a standard industry-wide practice when doing data analysis on large data sets. This doesn’t necessarily mean that the data analysis will always beat the noise generation, but it’s still an important factor to consider. Likewise, layering noise onto a prominent pattern <a href="https://motherboard.vice.com/en_us/article/obfuscation-wont-protect-your-privacy">will not make that pattern any less prominent</a>. Additionally, your Internet provider may already have years of data about your browsing habits from which it can extrapolate to help with its noise-filtering efforts.</p>
<p>Even if these specific problems were solved, we would still be reluctant to say that data pollution software could successfully protect your privacy. That’s because this kind of traffic analysis is an active area of research, and <a href="https://motherboard.vice.com/en_us/article/obfuscation-wont-protect-your-privacy">there aren’t any well-tested large scale models to show that these techniques work yet</a>.</p>
<p>In other words, there are currently too many limitations and too many unknowns to be able to confirm that data pollution is an effective strategy at protecting one’s privacy. We’d love to eventually be proven wrong, but for now, we simply cannot recommend these tools as an effective method for protecting your privacy.</p>
<h3>Changing Internet Provider Behavior is a Worthy Goal, but Your Energy is Better Spent Calling Congress</h3>
<p>Data pollution tools aren’t likely to succeed at their other primary goal besides protecting privacy: convincing Internet providers to stop mining our data to sell targeted ads. The theory here is that if enough people used these tools, then the vast majority of browsing data Internet providers collected would be inaccurate. Inaccurate data is worthless for targeting ads, so there would no longer be any monetary incentive for Internet providers to try to sell targeted ads—and thus no incentive to keep collecting browsing data in the first place.</p>
<p>Unfortunately, a huge fraction of customers would have to be using data pollution tools for them to have an impact on major Internet providers’ bottom lines. And while it's wonderful to imagine the majority of Internet users up in arms and installing one of these projects, it'd be as useful (if not more so) for all these users to <a href="https://www.eff.org/deeplinks/2017/04/congress-home-these-next-two-weeks-will-members-hear-you">call their lawmakers directly</a> and convince them to pass privacy-protecting legislation instead. In fact, it would probably take far fewer people to get Congress to change its mind than it would to affect a large Internet provider’s bottom line.</p>
<h3>Culture Jamming for the Web</h3>
<p>With all of that said, these tools could potentially be effective at one thing: confusing your Internet provider’s ad-targeting algorithms and making the ads they show you less relevant. If this sort of culture jamming appeals to you, then these tools could help you accomplish that. Just keep in mind that you’ll have to rely on <a href="https://www.eff.org/deeplinks/2017/04/heres-how-protect-your-privacy-your-internet-service-provider ">other techniques to protect your privacy from your Internet provider</a>, and that to really achieve the sort of change we need, we also need to take the time to <a href="https://www.eff.org/deeplinks/2017/04/congress-home-these-next-two-weeks-will-members-hear-you">talk to our lawmakers and make our voices heard directly</a>. Only through a combination of activism, technology, and legislation will we truly be able to protect our privacy online.</p>
<p dir="ltr"></p>
</div></div></div>Mon, 01 May 2017 23:19:13 +0000jeremy95822 at https://www.eff.orgPrivacyOnline Behavioral TrackingSecurity EducationHollow Privacy Promises from Major Internet Service Providershttps://www.eff.org/deeplinks/2017/04/major-internet-service-providers-privacy-promises-ring-hollow
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>It’s no surprise that Americans were unhappy to lose online privacy protections earlier this month. Across party lines, <a href="http://www.huffingtonpost.com/entry/trump-online-privacy-poll_us_58e295e7e4b0f4a923b0d94a?xm">voters overwhelmingly oppose</a> the measure to repeal the FCC’s privacy rules for Internet providers that Congress passed and President Donald Trump signed into law.</p>
<p>But it <i>should</i> come as a surprise that Republicans—including the <a href="https://www.washingtonpost.com/opinions/no-republicans-didnt-just-strip-away-your-internet-privacy-rights/2017/04/04/73e6d500-18ab-11e7-9887-1a5314b56a08_story.html">Republican leaders</a> of the Federal Communications Commission and the Federal Trade Commission—are ardently defending the move and dismissing the tens of thousands who spoke up and told policymakers that they want protections against privacy invasions by their Internet providers.</p>
<p>Since the measure was signed into law, Internet providers and the Republicans who helped them accomplish this lobbying feat have decried the “hysteria,” “hyperbole,” and “hyperventilating” of constituents who want to be protected from the likes of Comcast, Verizon, and AT&amp;T. Instead they’ve claimed that the repeal doesn’t change the online privacy landscape and that we should feel confident that Internet providers remain committed to protecting their customers’ privacy because they told us they would despite the law.</p>
<p>We’ve repeatedly <a href="https://www.eff.org/deeplinks/2017/03/three-myths-telecom-industry-using-convince-congress-repeal-fccs-privacy-rules">debunked</a> the tired talking points of the cable and telephone lobby: There <i>is</i> a unique, intimate relationship and power imbalance between Internet providers and their customers. The FTC likely <i>cannot</i> currently police Internet providers (unless Congress steps in, which the White House said <a href="https://www.recode.net/2017/4/5/15191774/white-house-trump-online-privacy-legislation-rules-obama">it isn’t pushing for</a> at this time). Congress’ repeal of the FCC’s privacy rules <i>does</i> throw the FCC’s authority over Internet providers into doubt. The now-repealed rules—which were set to go into effect later this year—were a valuable expansion and necessary codification of <i>existing</i> privacy rights granted under the law. Internet providers have <i>already</i> shown us the <a href="https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections">creepy</a> things they’re willing to do to increase their profits.</p>
<p>The massive backlash shows that consumers saw through those industry talking points, even if Republicans in Congress and the White House fell for them.</p>
<p>Now that policymakers have effectively handed off online privacy enforcement to the Internet providers themselves, advocates for the repeal are pointing to the Internet providers’ privacy policies.</p>
<p>“Internet service providers have never planned to sell your individual browsing history to third parties,” FCC Chairman Ajit Pai and FTC acting Chairwoman Maureen Ohlhausen wrote in a recent <a href="https://www.washingtonpost.com/opinions/no-republicans-didnt-just-strip-away-your-internet-privacy-rights/2017/04/04/73e6d500-18ab-11e7-9887-1a5314b56a08_story.html">op-ed</a>. “That’s simply not how online advertising works. And doing so would violate ISPs’ privacy promises.”</p>
<p>Aside from pushing back on oversimplification of the problem at hand, we should be asking: What exactly are the “privacy promises” that ISPs are making to their customers?</p>
<p>In blog posts and public statements since the rules were repealed, the major Internet providers and the trade groups that represent them have all pledged to continue protecting customers’ <i>sensitive data</i> and not to sell customers’ <i>individual</i> Internet browsing records. But how they go about defining those terms and utilizing our private information is still going to leave people upset. These statements should also be read with the understanding that existing law already allows the <i>collection</i> of individual browsing history.</p>
<p><a href="http://corporate.comcast.com/comcast-voices/our-commitment-to-consumer-privacy">Comcast said</a> it won’t sell individual browsing histories and it won’t share customers’ “sensitive information (such as banking, children’s, and health information), unless we first obtain their <em>affirmative, opt-in consent</em><em>.</em>” It also said it will offer an opt-out “if a customer does not want us to use other, non-sensitive data to send them targeted ads.” We think leaving browsing history out of the list of information Comcast considers sensitive was no accident. In other words, we don’t think Comcast considers your browsing history sensitive, and will only offer you an opt-out of using your browsing history to send you targeted ads. There’s no mention of any opt-out of any <i>other</i> sharing of your browsing history, such as on an aggregated basis with third parties. While we applaud Comcast’s clever use of language to make it <i>seem</i> like they’re protecting their customers’ privacy, reading between the lines shows that Comcast is giving itself leeway to do the opposite.</p>
<p><a href="https://www.verizon.com/about/news/verizon-committed-your-privacy">Verizon similarly pledged</a> not to sell customers’ “<i>personal</i> web browsing history” (emphasis ours) and described its advertising programs that give advertisers access to customers based on aggregated and de-identified information about what customers do online. By our reading, this means Verizon still plans to collect your browsing history and store it—they just won’t sell it individually.</p>
<p><a href="https://about.att.com/sites/privacy_policy/terms#collect">AT&amp;T pointed</a> to its privacy policies, which carve out specific protections for “personal information … such as your name, address, phone number and e-mail address” but explicitly state that it does deliver ads “based on the websites visited by people who are not personally identified.” So just like Verizon, we think this means AT&amp;T is collecting your browsing history and storing it—they’re just not attaching your name to it and selling it to third parties on an individualized basis.</p>
<p>In a <a href="https://ecfsapi.fcc.gov/file/1031683478226/170316%20CTIA%20Reply%20to%20Oppositions%20to%20Petition%20for%20Reconsideration.pdf">filing</a> to the FCC earlier this year, CTIA—which represents the major wireless ISPs—argued that “web browsing and app usage history are not ‘sensitive information’” and said that ISPs should be able to share those records by default, unless a customer asks them not to.</p>
<p>The common thread here is that Internet providers don’t consider records about what you do online to be worthy of the heightened privacy protections they afford to things like your social security number. Internet providers think that our web browsing histories are theirs to profit off of—not ours to protect as we see fit. And because Congress changed the law, they are now free to change their minds about the promises they make without the same legal ramifications.</p>
<p>These “privacy promises” are in no way a replacement for robust privacy protections enforced by a federal agency. If Internet providers want to get serious about proving their commitment to their customers’ privacy in the absence of federal rules, they should pledge not to collect or sell or share or otherwise use information about the websites we visit and the apps we use, except for what they need to collect and share in order to provide the service their customers are actually paying for: Internet access.</p>
<p><i>That</i> would be a real privacy promise.</p>
</div></div></div>Tue, 18 Apr 2017 22:06:16 +0000jeremy95686 at https://www.eff.orgCommentaryNet NeutralityPrivacyLocational PrivacyOnline Behavioral TrackingAn Update on Verizon's AppFlash: Pre-Installed Spyware Is Still Spywarehttps://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>This post is an UPDATE to a <a href="https://www.eff.org/deeplinks/2017/03/first-horseman-privacy-apocalypse-has-already-arrived-verizon-announces-plans"> piece we originally published last week</a>.</em></p>
<p>Verizon recently <a href="https://techcrunch.com/2017/03/28/evie-verizon-sidescreen/">rolled out</a> a new pilot project to pre-install on customers’ devices an app launcher/search tool that, we believe, is really just spyware. This software, called AppFlash, is preloaded on a new model of LG device—<a href="https://www.verizon.com/about/news/get-lg-k20-v-verizon-today">the LG K20 V</a>—rather than in all of their Android line as we previously reported. The software allows Verizon and its partners to track the apps you have downloaded and then sell ads to you across the Internet based what those apps say about you, like which bank you use and whether you’ve downloaded a fertility app.</p>
<p>Verizon is touting “AppFlash” as a customer benefit. In reality, it is just the latest display of wireless carriers’ stunning willingness to compromise the security and privacy of their customers by preloading unwanted apps on users’ devices. To see how AppFlash is dangerous, just look at the <a href="https://www.verizon.com/about/privacy/appflash-privacy-policy">Privacy Policy</a>. It states that the app can be used to:</p>
<blockquote><p>“collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them. We also access information about the list of apps you have on your device.”</p></blockquote>
<p>Troubling as it may be to collect intimate details about what apps you have installed, the policy also illustrates Verizon’s intent to gather location and contact information:</p>
<blockquote><p>“With your permission, AppFlash also collects information about your device’s precise location from your device operating system as well as contact information you store on your device.”</p></blockquote>
<p>And what will Verizon use all of this information for? Why, targeted advertising on third-party websites across the Internet, of course:</p>
<blockquote><p>“AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within the AppFlash experiences and in other places, including non-Verizon sites, services and devices.”</p></blockquote>
<p>With the announcement of AppFlash, Verizon has made clear that it intends to start monetizing our private data as soon as possible, if not sooner. In other words, <a href="https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections">our prediction that mobile Internet providers would start pre-installing spyware on their customers’ phones</a> has come true, even before <a href="https://www.eff.org/deeplinks/2017/03/congress-sides-cable-and-telephone-industry">Congress changed the rule to let ISPs like Verizon, AT&amp;T, and Comcast sell your personal data</a> to advertisers. In our view, the FCC's privacy rules that Congress has voted to roll back would have prohibited Verizon from pre-installing the AppFlash spyware on its phones in this manner—and we can expect Congress' privacy rollback to embolden further privacy-invasive practices by ISPs.</p>
<p>Last week, Verizon sent us <a href="https://www.eff.org/deeplinks/2017/03/first-horseman-privacy-apocalypse-has-already-arrived-verizon-announces-plans">a statement</a> about its roll out of AppFlash, asserting that “you have to opt-in to use the app.” While it’s true that the user is presented with a click-through license the first time they launch AppFlash, it’s entirely unclear from that screen what information is being collected or shared. Instead, those crucial details are buried within the fine print of a Terms of Service. That’s hardly a meaningful mechanism for obtaining informed opt-in consent.</p>
<p>What are the ramifications? For one thing, this is yet another entity that will be collecting sensitive information about your mobile activity on your Android phone. It’s bad enough that Google collects much of this information already and <a href="https://www.eff.org/deeplinks/2014/08/blocking-consumer-choice-googles-dangerous-ban-privacy-security-app">blocks privacy-enhancing tools from being distributed through the Play Store</a>. Adding another company that automatically tracks its customers doesn’t help matters any.</p>
<p>But our bigger concern is the increased attack surface an app like AppFlash creates. It is likely that with Verizon rolling this app out on certain new phones, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into. We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it’s not,<a href="https://www.eff.org/deeplinks/2017/03/five-ways-cybersecurity-will-suffer-if-congress-repeals-fcc-privacy-rules"> the damage to users’ cybersecurity could be disastrous</a>, especially if Verizon expands its “test” to additional devices.</p>
<p>Verizon should immediately abandon its plans to monitor its customers’ behaviors, and do what it’s paid to do: deliver quality Internet service without spying on users. And in no case should Verizon expand its test of this spyware to additional models of mobile devices.</p>
</div></div></div>Tue, 04 Apr 2017 00:23:45 +0000bill95546 at https://www.eff.orgPrivacyMobile devicesLocational PrivacyOnline Behavioral TrackingHere’s How to Protect Your Privacy From Your Internet Service Providerhttps://www.eff.org/deeplinks/2017/04/heres-how-protect-your-privacy-your-internet-service-provider
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="western" align="left">We pay our monthly Internet bill to be able to access the Internet. We don’t pay it to give our Internet service provider (ISP) a chance to collect and sell our private data to make more money. This was apparently lost on congressional Republicans as they <a class="western" href="https://www.eff.org/deeplinks/2017/03/congress-sides-cable-and-telephone-industry">voted to strip their constituents</a> of their privacy. Even though our elected representatives have failed us, there are technical measures we can take to protect our privacy from ISPs.</p>
<p class="western" align="left">Bear in mind that these measures aren’t a replacement for the privacy rules that were repealed or would protect our privacy completely, but they will certainly help.</p>
<h3 class="western" align="left">Pick an ISP that respects your privacy</h3>
<p class="western" align="left">It goes without saying: if privacy is a concern of yours, vote with your wallet and pick an ISP that respects your privacy. <a class="western" href="https://www.eff.org/deeplinks/2017/03/small-isps-oppose-congressess-move-abolish-privacy-protections">Here is a list of them</a>.</p>
<p class="western" align="left">Given the dismal state of ISP competition in the US, you may not have this luxury, so read on for other steps you can take.</p>
<h3 class="western" align="left">Opt-out of supercookies and other ISP tracking</h3>
<p class="western" align="left">In 2014, Verizon was caught injecting cookie-like trackers into their users’ traffic, allowing websites and third-party ad networks to build profiles <a class="western" href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">without users’ consent</a>. Following criticism from US senators and FCC action, Verizon stopped auto-enrolling users and instead <a class="western" href="http://www.theverge.com/2016/3/7/11173010/verizon-supercookie-fine-1-3-million-fcc">made it opt-in</a>. Users now have a choice of whether to participate in this privacy-intrusive service.</p>
<p class="western" align="left">You should check your account settings to see if your ISP allows you to opt-out of any tracking. It is generally found under the privacy, marketing, or ads settings. Your ISP doesn’t have to provide this opt-out, especially in light of the repeals of the privacy rules, but it can never hurt to check.</p>
<h3 class="western" align="left">HTTPS Everywhere</h3>
<p class="western" align="left"><img src="/files/2017/04/03/https_everywhere_image_0.png" class="align-left" alt="" width="128" height="128" />EFF makes this <a class="western" href="https://www.eff.org/https-everywhere">browser extension</a> so that users connect to a service securely using encryption. If a website or service offers a secure connection, then the ISP is generally not able to see what exactly you’re doing on the service. However, the ISP is still able to see that you’re connecting to a certain website. For example, if you were to visit https://www.eff.org/https-everywhere, your ISP wouldn’t be able to tell that you’re on the HTTPS Everywhere page, but would still be able to see that you’re connecting to EFF’s website at https://www.eff.org</p>
<p class="western" align="left">While there are limitations of HTTPS Everywhere when it comes to your privacy, with the ISP being able to see what you’re connecting to, it’s still a valuable tool.</p>
<p class="western" align="left">If you use a site that doesn't have HTTPS by default, email them and ask them to join the movement to <a class="western" href="https://www.eff.org/encrypt-the-web">encrypt the web</a>.</p>
<h3 class="western" align="left">VPNs</h3>
<p class="western" align="left"><img src="/files/2017/04/04/vpn-image-small.png" class="align-right" alt="" width="150" height="144" />In the wake of the privacy rules repeal, the advice to use a Virtual Private Network (VPN) to protect your privacy has dominated the conversation. However, while VPNs can be useful, they carry their own unique privacy risk. When using a VPN, you’re making your Internet traffic pass through the VPN provider’s servers before reaching your destination on the Internet. Your ISP will see that you’re connecting to a VPN provider, but won’t be able to see what you’re ultimately connecting to. This is important to understand because you’re exposing your entire Internet activity to the VPN provider and shifting your trust from the ISP to the VPN.</p>
<p class="western" align="left">In other words, you should be damn sure you trust your VPN provider to not do the shady things that you don’t want your ISP to do.</p>
<p class="western" align="left">VPNs can see, modify, and log your Internet traffic. Many VPN providers make promises to not log your traffic and to take other privacy protective measures, but it can be hard to verify this independently since these services are built on closed platforms. For example, <a class="western" href="https://torrentfreak.com/researchers-issue-security-warning-over-android-vpn-apps-170125/">a recent study</a> found that up to 38% of VPN apps available for Android contained some form of malware or spyware.</p>
<p class="western" align="left">Below, we detail some factors that should be considered when selecting a VPN provider. Keep in mind that these are considerations for someone who is interested in preventing their ISP from snooping on their Internet traffic, and not meant for someone who is interested in protecting their information from the government—a whistleblower, for instance. As with all things security and privacy-related, it’s important to consider your <a href="https://ssd.eff.org/en/glossary/threat-model">threat model</a>.</p>
<ul><li>
<p align="left">Is your VPN service dirt-cheap or free? Does the service cost $20 for a lifetime service? There’s probably a reason for that and your browsing history may be the actual product that the company is selling to others.</p>
</li>
</ul><ul><li>
<p align="left">How long has your VPN provider been around? If it is relatively new and without a reliable history, you’d have to trust the provider a great deal in order to use such a service.</p>
</li>
</ul><ul><li>
<p align="left">Does the VPN provider log your traffic? If yes, what kind of information is logged? You should look for one that explicitly promises to not log your Internet traffic and how active the VPN provider is in advocating for user privacy.</p>
</li>
</ul><ul><li>
<p align="left">Does the VPN provider use encryption in providing the service? It’s generally recommended to use services that support a well-vetted open source protocol like OpenVPN or IPSec. Utilizing these protocols ensures <a href="https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/">best security available</a>. </p>
</li>
<li>
<p align="left">If your VPN provider uses encryption, but has a single shared password for all of the users, it’s not sufficient encryption.</p>
</li>
</ul><ul><li>
<p align="left">Do you need to use the VPN provider’s proprietary client to use the service? You should avoid these and look for services that you can use with an open source client. There are many clients that support the above-mentioned OpenVPN or IPSec protocols.</p>
</li>
</ul><ul><li>
<p align="left">Would using the VPN service still leak <a href="http://www.makeuseof.com/tag/dns-leaks-can-destroy-anonymity-using-vpn-stop/">your DNS queries</a> to your ISP?</p>
</li>
<li>
<p align="left">Does the VPN support IPv6? As <a class="western" href="https://www.washingtonpost.com/business/technology/what-is-ipv6-and-why-does-it-matter/2012/06/06/gJQAbClTIV_story.html">the Internet transitions</a> from IPv4 to the IPv6 protocol, some VPN providers may not support it. Consequently, if your digital device is trying to reach a destination that has an IPv6 address using a VPN connection that only supports IPv4, the old protocol, it may attempt to do so outside of the VPN connection. This can enable the ISP to see what you’re connecting to since the traffic would be outside of the encrypted VPN traffic.</p>
</li>
</ul><p class="western" align="left">Now that you know what to look for in a VPN provider, you can use <a href="https://thatoneprivacysite.net/vpn-section/">these <span class="western">two</span></a> <a class="western" href="https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/">guides</a> as your starting point for research. Though keep in mind that a lot of the information in the guides is derived from or given by the provider, so again, it requires us to trust their assertions.</p>
<h3 class="western" align="left">Tor</h3>
<p class="western" align="left"><img src="/files/2017/04/03/tor.jpeg" class="align-left" alt="" width="156" height="100" />If you are trying to protect your privacy from your Internet company, <a class="western" href="https://www.torproject.org/">Tor Browser</a> perhaps offers the most robust protection. Your ISP will only see that you are connecting to the Tor network, and not your ultimate destination, similar to VPNs.</p>
<p class="western" align="left">Keep in mind that with Tor, exit node operators can spy on your ultimate destination in the same way a VPN can, but Tor does attempt to hide your real IP address, which can improve anonymity relative to a VPN.</p>
<p class="western" align="left">Users should be aware that some websites may not work in the Tor browser because of the protections built in. Additionally, maintaining privacy on Tor does require <span class="western">users to alter</span> their browsing habits a little. <a href="https://www.torproject.org/download/download#warning">See this for more information</a>.</p>
<p class="western" align="left"></p>
<p class="western" align="left">It’s a shame that our elected representatives decided to prioritize corporate interests over our privacy rights. We shouldn’t have to take extraordinary steps to limit how our personal information can be used, but that is clearly something that we are all forced to do now. EFF will continue to advocate for Internet users’ privacy and will work to fix this in the future.</p>
</div></div></div>Mon, 03 Apr 2017 22:54:39 +0000amul95543 at https://www.eff.orgTechnical AnalysisPrivacyOnline Behavioral TrackingSmall ISPs Oppose Congress's Move to Abolish Privacy Protectionshttps://www.eff.org/deeplinks/2017/03/small-isps-oppose-congressess-move-abolish-privacy-protections
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="eff_digital_voices-take_action callout-right"><a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong>Call your Representative now!</strong></a></p><p>The <a href="https://www.reddit.com/r/IAmA/comments/61hrzp/congress_is_trying_to_repeal_online_privacy_rules/">Internet is up in arms</a> over <a href="https://www.eff.org/deeplinks/2017/03/we-have-24-hours-save-online-privacy-rules">Congress's plan to drastically reduce your privacy online</a>, and <a href="http://www.pressherald.com/2017/03/24/maine-internet-providers-blast-senate-vote-to-strip-customers-privacy-protection/">that includes small Internet providers and networking companies</a>. Many of them agree that we need the Federal Communication Commission's rules to protect our privacy online, and seventeen of them have written to Congress today to express their concerns.</p><p>The situation before the FCC’s intervention was succinctly described in the fine print of <a href="https://web-beta.archive.org/web/20120324231449/http://www22.verizon.com:80/about/privacy/policy/#infoadv">Verizon’s privacy policy</a>: “If you do not want information collected for marketing purposes from services such as the Verizon Wireless Mobile Internet services, you should not use those particular services.” That was refreshingly honest. Other ISPs including AT&amp;T, Charter, and Sprint <a href="https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections">also monitored their customers in intrusive ways</a>, but were less frank in admitting it, even in their privacy policies.</p><p>Below is a letter signed by several small Internet providers who share our concerns. Add your voices to theirs: <a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy">call your Representative today and tell them not to repeal the broadband privacy rules</a>!</p><blockquote><p dir="ltr">Dear U.S. Representatives,</p><p><b>Re: Oppose S.J. Res 34 - Repeal of FCC Privacy Rules</b></p><p>We, the undersigned founders, executives, and employees of ISPs and networking companies, spend our working lives ensuring that Americans have high-quality, fast, reliable, and locally provided choices available when they need to connect to the Internet. One of the cornerstones of our businesses is respecting the privacy of our customers, and it is for that primary reason that we are writing to you today.</p><p>We urge Congress to preserve the FCC’s Broadband Privacy Rules and vote down plans to abolish them. If the rules are repealed, large ISPs across America would resume spying on their customers, selling their data, and denying them a practical and informed choice in the matter.</p><p>Perhaps if there were a healthy, free, transparent, and competitive market for Internet services in this country, consumers could choose not to use those companies’ products. But small ISPs like ours face many structural obstacles, and many Americans have very limited choices: a monopoly or duopoly on the wireline side, and a highly consolidated cellular market dominated by the same wireline firms.</p><p>Under those circumstances, the FCC’s Broadband Privacy Rules are the only way that most Americans will retain the free market choice to browse the Web without being surveilled by the company they pay for an Internet connection.</p><p dir="ltr">Signed,</p><p dir="ltr">Sonic <br />Monkeybrains.net <br />Cruzio Internet <br />Etheric Networks <br />University of Nebraska <br />CREDO Mobile <br />Aeneas Communications <br />Digital Service Consultants Inc. <br />Om Networks <br />Hoyos Consulting LLC <br />Mother Lode Internet <br />Gold Rush Internet <br />Ting Internet<br />Tekify Fiber &amp; Wireless<br />Davis Community Network<br />Andrew Buker (Director of Infrastructure Services &amp; Research computing, University of Nebraska at Omaha) <br />Tim Pozar (co-founder, TwoP LLC) <br />Andrew Gallo (Senior Network Architect for a regional research and education network) <br />Jim Deleskie (co-founder, Mimir networks) <br />Randy Carpenter (VP, First Network Group) <br />Kraig Beahn (CTO, Enguity Technology Corp)<br />Chris Owen (President, Hubris Communications)<br />James Persky (CEO, Pacific Internet)<br />Brian Worthen, (CEO, Visionary Communications)</p></blockquote><p dir="ltr"> </p><p dir="ltr">If you run a small ISP and would like to join our letter, send an email to isp-letter@eff.org.</p><p><code class="html"><script type="text/javascript" src="https://act.eff.org/action/embed"></script><a class="action-center-widget" href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy?nosignup=1">Take part in the action!</a></code></p>
</div></div></div>Mon, 27 Mar 2017 20:06:33 +0000jeremy95444 at https://www.eff.orgPrivacyOnline Behavioral TrackingNet NeutralityFive Ways Cybersecurity Will Suffer If Congress Repeals the FCC Privacy Ruleshttps://www.eff.org/deeplinks/2017/03/five-ways-cybersecurity-will-suffer-if-congress-repeals-fcc-privacy-rules
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="eff_digital_voices-take_action callout-right"><a href="/offline"></a><a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action"></a><a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy"><strong>Call your Congressmember&nbsp;<em>now</em> to save online privacy!</strong></a></p><p>Back in October of 2016, the Federal Communications Commission passed some pretty awesome rules that would bar your Internet provider from invading your privacy. The rules would keep Internet providers like Comcast and Time Warner Cable from doing things like selling your personal information to marketers, inserting undetectable tracking headers into your traffic, or recording your browsing history to build up a behavioral advertising profile on you—unless they got your permission first. The rules were a huge victory for U.S. Internet users who value their privacy.</p><p>But last Thursday, Republicans in the Senate voted to repeal those rules. If the House of Representatives votes the same way and the rules are repealed, it’s pretty obvious that the results for Americans' privacy will be disastrous.</p><p>But what many people don’t realize is that Americans’ cybersecurity is also at risk. That’s because privacy and security are two sides of the same coin: privacy is about controlling who has access to information about you, and security is how you maintain that control. You usually can’t break one without breaking the other, and that’s especially true in this context. To show how, here are five ways repealing the FCC’s privacy rules will weaken Americans’ cybersecurity.</p><p><strong>&nbsp;</strong></p><h3>Risk #1: Snooping On Traffic (And Creating New Targets for Hackers)</h3><p>In order for Internet providers to make money off your browsing history, they first have to collect that information—what sort of websites you’re browsing, metadata about whom you’re talking to, and maybe even what search terms you’re using. Internet providers will also need to store that information somewhere, in order to build up a targeted advertising profile of you. So where’s the cybersecurity risk?</p><p>The first risk is that Internet providers haven’t exactly been bastions of security when it comes to keeping information about their customers safe. Back in 2015, Comcast had to pay $33 million for unintentionally releasing information about customers who had paid Comcast to keep their phone numbers unlisted. “<a href="https://www.eff.org/deeplinks/2015/10/comcast-agrees-pay-33-million-data-breach-settlement-leaking-thousands-unlisted">These customers ranged from domestic violence victims to law enforcement personnel</a>”, many of who had paid for their numbers to be unlisted to protect their safety. But Comcast screwed up, and their phone numbers were published anyway.</p><p>And that was just a mistake on Comcast’s part, with a simple piece of data like phone numbers. Imagine what could happen if hackers decided to target the treasure trove of personal information Internet providers start collecting. People’s personal browsing history and records of their location could easily become the target of foreign hackers who want to embarrass or blackmail politicians or celebrities. To make matters worse, FCC Chairman (and former Verizon lawyer) Ajit Pai recently halted the enforcement of a rule that would require Internet providers to “<a href="https://arstechnica.com/tech-policy/2017/02/isps-wont-have-to-follow-new-rule-that-protects-your-data-from-theft/">take reasonable measures to protect customer [personal information] from unauthorized use, disclosure, or access</a>”—so Internet providers won’t be on the hook if their lax security exposes your data.</p><p>This would just be the fallout from passive data collection—where your&nbsp;Internet provider&nbsp;simply spies on your data as it goes by. An even scarier risk is that&nbsp;Internet providers want to be able to do much more than that.</p><p><strong>&nbsp;</strong></p><h3>Risk #2: Erasing Encryption (And Making it Easier for Hackers to Spy On You)</h3><p>Right now, your&nbsp;Internet provider&nbsp;can only spy on the portion of your traffic that <em>isn’t</em> encrypted—in other words, whenever you visit a site that starts with http<strong><em><span style="text-decoration: underline;">s</span></em></strong> (instead of just http), your&nbsp;Internet provider&nbsp;<em>can’t</em> see the contents of what you’re browsing. They can still see what domain you’re visiting, but they can’t see what specific page, or what’s on that page. That frustrates a lot of&nbsp;Internet providers, because they want to be able to build advertising profiles on the contents of your encrypted data as well.</p><p>In order to accomplish that,&nbsp;Internet providers have proposed a standard (called Explicit Trusted Proxies) that would allow them to intercept your data, remove the encryption, read the data (and maybe even modify it), and then encrypt it again and send it on its way. At first blush this doesn’t sound so bad. After all, the data is only decrypted within the Internet provider’s servers, so hackers listening in on the outside still wouldn’t be able to read it, right?</p><p>Unfortunately not. <a href="https://www.us-cert.gov/ncas/alerts/TA17-075A">According to a recent alert</a> by US-CERT, an organization dedicated to computer security within the Department of Homeland Security:</p><blockquote>“Many HTTPS inspection products do not properly verify the certificate chain of the server before re-encrypting and forwarding client data, allowing the possibility of a MiTM [Man-in-The-Middle] attack. Furthermore, certificate-chain verification errors are infrequently forwarded to the client, leading a client to believe that operations were performed as intended with the correct server.”</blockquote><p>Further, <a href="https://jhalderm.com/pub/papers/interception-ndss17.pdf">a recent study found that 54% of connections that were intercepted (i.e. decrypted and re-encrypted) ended up with weaker encryption</a>.</p><p>Translating from engineer-speak, that means many of the systems designed to decrypt and then re-encrypt data actually end up <a href="http://www.itworld.com/article/3182431/security/some-https-inspection-tools-might-weaken-security.html">weakening the security of the encryption</a>, which exposes users to increased risk of cyberattack. Simply put, if&nbsp;Internet providers think they can profit from looking at your encrypted data and start deploying these systems widely, we’ll no longer be able to trust the security of our web browsing—and that could end up exposing everything from your email to your banking information to hackers.</p><p>&nbsp;</p><h3>Risk #3: Inserting Ads Into Your Browsing (And Opening Holes In Your Browsing Security)</h3><p>One of the major threats to cybersecurity if the FCC’s privacy rules are repealed comes from <a href="https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections">Internet providers inserting ads into your web browsing</a>. Here we’re talking about your&nbsp;Internet provider&nbsp;placing additional ads in the webpages you view (beyond the ones that already exist). Why is this dangerous? Because inserting new code into a webpage in an automated fashion could break the security of the existing code in that page. As <a href="https://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/">security expert Dan Kaminsky put it</a>, inserting ads could break “all sorts of stuff, in that you no longer know as a website developer precisely what code is running in browsers out there. You didn't send it, but your customers received it.”</p><p>In other words, security features in sites and apps you use could be broken and hackers could take advantage of that—causing you to do anything from sending your username and password to them (while thinking it was going to the genuine website) to installing malware on your computer.<a class="see-footnote" id="footnoteref1_ywuadwc" title="The mechanisms that can be broken by ad injection include: the Same Origin Policy; the correctness of non-browser applications that use HTTP as a transport mechanism (including many Internet of Things protocols, and software update mechanisms that rely on signatures but not TLS for security); certain uses of Content Security Policy headers." href="#footnote1_ywuadwc">1</a></p><p>&nbsp;</p><h3>Risk #4: Zombie Supercookies (Allowing Hackers to Track You Wherever You Go)</h3><p>Internet providers haven’t been content with just inserting ads into our traffic—they’ve also tried inserting unique tracking tags as well (the way Verizon did two years ago). For&nbsp;Internet providers, the motivation is to make you trackable, by inserting a unique ID number into every unencrypted connection your browser makes with a website. Then, a website that wants to know more about you (so they can decide what price to charge you for a product) can pay your&nbsp;Internet provider&nbsp;a little money and tell them what ID number they want to know about, and your&nbsp;Internet provider&nbsp;will share the desired info associated with that ID number.</p><p>At first you might be tempted to file this one away as purely a privacy problem. But this is a great example of how privacy and security really are two sides of the same coin. If your&nbsp;Internet provider&nbsp;is sending these tracking tags to <em>every</em> website you visit (as Verizon did originally), then <em>every website you visit, and every third party embedded in websites you visit, can track you</em>—even if you’ve deleted your browser’s cookies or enabled Incognito mode.</p><p>This means that more people will be able to track you as you surf the Web, you’ll see more creepy and disconcerting ads based on things you’ve done in the past, and many of the tools <a href="https://www.eff.org/deeplinks/2015/01/which-apps-and-browsers-protect-you-against-verizon-and-turns-non-consensual">you might use to protect yourself</a>&nbsp;won’t work because the tracking is being added after the data leaves your machine.</p><p>&nbsp;&nbsp;</p><h3>Risk #5: Spyware (Which Opens the Door for Malware)</h3><p>The last risk comes from&nbsp;Internet providers pre-installing spyware on our devices—particularly on mobile phones, which most of us purchase directly from the company that provides our cell service, i.e. our&nbsp;Internet provider. In the past,&nbsp;Internet providers have installed spyware like <a href="https://www.eff.org/deeplinks/2011/12/carrier-iq-architecture">Carrier IQ</a> on phones, claiming it was only to “<a href="https://arstechnica.com/tech-policy/2011/12/carrier-iq-hit-with-privacy-lawsuits-as-more-security-researchers-weigh-in/">improve wireless network and service performance.</a>” After a huge blowback, many&nbsp;Internet providers backed down on using Carrier IQ. But given that software like Carrier IQ could record what websites you visit and what search terms you enter, it would be pretty tempting for&nbsp;Internet providers to resurrect that spyware and use it for advertising purposes. So where’s the cybersecurity risk?</p><p>As <a href="https://www.eff.org/deeplinks/2011/12/carrier-iq-architecture">we’ve explained before</a>, part of the problem with Carrier IQ was that it could be configured to record sensitive information into your phone’s system logs. But some apps transmit those logs off of your phone as part of standard debugging procedures, assuming there’s nothing sensitive in them. As a result, “keystrokes, text message content and other very sensitive information [was] in fact being transmitted from some phones on which Carrier IQ is installed to third parties.” Depending on how that information was transmitted, eavesdroppers could also intercept it—meaning hackers might be able to see your username or password, without having to do any real hacking.</p><p>But the even bigger concern is that for spyware like Carrier IQ to function effectively, it has to have fairly low-level access to your phone’s systems—which is engineer-speak for saying it needs to be able to see and access all the parts of your phone’s operating system that would usually be secure. Thus, if hackers can find a vulnerability in the spyware, then they can use it as a sort of tunnel to get access to almost anything in your phone.</p><p>&nbsp;</p><p>In the end, the cybersecurity implications of repealing the FCC’s privacy rules come from simple logic. If the privacy rules are repealed,&nbsp;Internet providers will resume and accelerate these dangerous practices with the aim of monetizing their customers’ browsing history and app usage. But in order to do that,&nbsp;Internet providers will need to record and store even more sensitive data on their customers, which will become a target for hackers.&nbsp;Internet providers will also be incentivized to break their customers’ security, so they can see all the valuable encrypted data their customers send. And when&nbsp;Internet providers break their customers’ security, you can be sure malicious hackers will be right on their heels.</p><p>The net result is simple: repealing the FCC’s privacy rules won’t just be a disaster for Americans’ privacy. It will be a disaster for America’s cybersecurity, too.</p><p><code class="html"> <a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy?nosignup=1" class="action-center-widget">Take part in the action!</a> </code></p>
<ul class="footnotes"><li class="footnote" id="footnote1_ywuadwc"><a class="footnote-label" href="#footnoteref1_ywuadwc">1.</a> The mechanisms that can be broken by ad injection include: the Same Origin Policy; the correctness of non-browser applications that use HTTP as a transport mechanism (including many Internet of Things protocols, and software update mechanisms that rely on signatures but not TLS for security); certain uses of Content Security Policy headers.</li>
</ul>
</div></div></div>Mon, 27 Mar 2017 04:24:03 +0000jeremy95423 at https://www.eff.orgPrivacyOnline Behavioral TrackingNet NeutralityEncrypting the WebSecuritySenate Puts ISP Profits Over Your Privacyhttps://www.eff.org/deeplinks/2017/03/senate-puts-isp-profits-over-your-privacy
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The Senate just voted to roll back your online privacy protections. <a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy">Speak up now</a> to keep the House from doing the same thing.</p>
<div style="float: right;" align="right">
<code class="html">
<script type="text/javascript" src="https://act.eff.org/action/embed"></script>
<a class="action-center-widget" href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy?nosignup=1">Take part in the action!</a>
</code>
</div>
<p>ISPs have been lobbying for weeks to get lawmakers to <a href="https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections">repeal the FCC’s rules</a> that stand between them and using <a href="https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections">even creepier ways</a> to track and profit off of your every move online. Republicans in the Senate just voted 50-48 (with two absent votes) to approve a Congressional Review Action resolution from Sen. Jeff Flake which—if it makes it through the House—would not only roll back the FCC’s rules but also prevent the FCC from writing similar rules in the future.</p>
<P>That would be a crushing loss for online privacy. ISPs act as gatekeepers to the Internet, giving them incredible access to records of what you do online. They shouldn’t be able to profit off of the information about what you search for, read about, purchase, and more without your consent.</p>
<p>We can still kill this in the House:&nbsp;<a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy">call your lawmakers today</a> and tell them to protect your privacy from your ISP.</p>
</div></div></div>Thu, 23 Mar 2017 15:30:13 +0000dm95402 at https://www.eff.orgNet NeutralityPrivacyOnline Behavioral TrackingFive Creepy Things Your ISP Could Do if Congress Repeals the FCC’s Privacy Protectionshttps://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="/files/2017/03/21/og-post-isp-paley-once.gif" alt="" width="650" height="325" /></p>
<p>Why are we <a href="https://www.eff.org/deeplinks/2017/03/congress-trying-roll-back-internet-privacy-protections-you-read">so worried about Congress repealing the FCC’s privacy rules for ISPs</a>? Because we’ve seen ISPs do some disturbing things in the past to invade their users’ privacy. Here are five examples of creepy practices that could make a resurgence if we don’t stop Congress now.</p>
<p class="eff_digital_voices-take_action"><a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong></strong><b><u>Call Congress and help keep creepy ISP practices a thing of the past!</u></b></a></p>
<h3><a id="creepy5"></a>5. Selling your data to marketers</h3>
<p><b>Which ISPs did it before?</b> We don’t know—but they’re doing it as you read this!</p>
<p>It’s no secret that many ISPs think they’re sitting on a gold mine of user data that they want to sell to marketers. What some people don’t realize is that some are already doing it. (Unfortunately they’re getting away with this for now because the FCC’s rules haven’t gone into effect yet.)</p>
<p>According to Ad Age, <a href="http://adage.com/article/datadriven-marketing/24-billion-data-business-telcos-discuss/301058/">SAP sells a service called Consumer Insights 365</a>, which “ingests regularly updated data representing as many as 300 cellphone events per day for each of the 20 million to 25 million mobile subscribers.” What type of data does Consumer Insights 365 “ingest?” Again, according to Ad Age, “The service also combines data from telcos with other information, telling businesses whether shoppers are checking out competitor prices… It can tell them the age ranges and genders of people who visited a store location between 10 a.m. and noon, and link location and demographic data with shoppers' web browsing history.” And who is selling SAP their customers’ data? Ad Age says “SAP won't disclose the carriers providing this data.”</p>
<p>In other words, mobile broadband providers are too afraid to tell you, their customers, that they’re selling data about your location, demographics, and browsing history. Maybe that’s because it’s an incredibly creepy thing to do, and these ISPs don’t want to get caught red-handed.</p>
<p>And speaking of getting caught red-handed, that brings us to…</p>
<h3><a id="creepy4"></a>4. Hijacking your searches</h3>
<p><b>Which ISPs did it before?</b> Charter, Cogent, DirecPC, Frontier, Wide Open West (to name a few)</p>
<p>Back in 2011, <a href="https://www.eff.org/deeplinks/2011/07/widespread-search-hijacking-in-the-us">several ISPs were caught red-handed working with a company called Paxfire to hijack their customers’ search queries to Bing, Yahoo!, and Google</a>. Here’s how it worked.</p>
<p>When you entered a search term in your browser’s search box or URL bar, your ISP directed that query to Paxfire instead of to an actual search engine. Paxfire then checked what you were searching for to see if it matched a list of companies that had paid them for more traffic. If your query matched one of these brands (e.g. you had typed in “apple”, “dell”, or “wsj”, to name a few) then Paxfire would send you directly to that company’s website instead of sending you to a search engine and showing you all the search results (which is what you’d normally expect). The company would then presumably give Paxfire some money, and Paxfire would presumably give your ISP some money.</p>
<p>In other words, ISPs were hijacking their customers’ search queries and redirecting them to a place customers hadn’t asked for, all while pocketing a little cash on the side. Oh, and the ISPs in question hadn’t bothered to tell their customers they’d be <a href="https://www.eff.org/deeplinks/2011/08/update-paxfire-and-search-redirection">sending their search traffic to a third party that might record some of it</a>.</p>
<p>It’s hard to believe we’re still on the subtle end of the creepy spectrum. But things are about to get a whole lot more in-your-face creepy, with…</p>
<h3>3. Snooping through your traffic and inserting ads</h3>
<p><b>Which ISPs did it before?</b> AT&amp;T, Charter, CMA</p>
<p>This is the biggest one people are worried about, and with good reason—ISPs have every incentive to snoop through your traffic, record what you’re browsing, and then inject ads into your traffic based on your browsing history.</p>
<p>Plenty of ISPs have done it before—<a href="http://webpolicy.org/2015/08/25/att-hotspots-now-with-advertising-injection/">AT&amp;T did it on some of their paid wifi hotspots</a>; <a href="https://arstechnica.com/uncategorized/2008/05/charter-enhances-internet-service-with-targeted-ads/">Charter did it with its broadband customers</a>; and a <a href="http://stopthecap.com/2013/04/03/isp-crams-its-own-ads-all-over-your-capped-internet-connection-banners-block-your-view/">smaller ISP called CMA did the same</a>.</p>
<p>We don’t think this one requires much explaining for folks to understand just how privacy invasive this is. But if you need a reminder, we’re talking about the company that carries all your Internet traffic examining each packet in detail<a class="see-footnote" id="footnoteref1_88g7uey" title="To be absolutely precise, your ISP could track and record all your HTTP traffic, and the domain name you visit for HTTPS websites." href="#footnote1_88g7uey">1</a> to build up a profile on you, which they can then use to inject even more ads into your browsing experience. (Or, even worse—they could hire a third-party company like <a href="https://arstechnica.com/tech-policy/2008/11/nebuad-isps-sued-over-dpi-snooping-ad-targeting-program/">NebuAd</a> or <a href="http://www.theregister.co.uk/2008/04/14/bt_phorm_2007/">Phorm</a> to do all this for them.) That’s your ISP straight up spying on you to sell ads—and turning the creepiness factor up to eleven.<a class="see-footnote" id="footnoteref2_prkupsd" title="We’ve heard some arguments that is just what Google or Facebook do, but there’s a big difference. You can choose not to use Google or Facebook, and it’s easy to install free tools that block their tracking on other parts of the web. EFF even makes such a tool, called Privacy Badger! But changing ISPs or paying for a VPN is hard (and some people don’t have more than one choice of ISP). For more, see our post on busting three ISP privacy rollback myths." href="#footnote2_prkupsd">2</a> And speaking of spying, we’d be remiss if we didn’t mention…</p>
<h3>2. Pre-installing software on your phone and recording every URL you visit</h3>
<p><b>Which ISPs did it before?</b> AT&amp;T, Sprint, T-Mobile</p>
<p>When you buy a new Android phone, you probably expect it to come with some bloatware—apps installed by the manufacturer or carrier that you’re never going to use. You <i>don’t</i> expect it to come preinstalled with <a href="https://www.eff.org/deeplinks/2011/12/carrier-iq-architecture">software that logs which apps you use and what websites you visit and sends data back to your ISP</a>. But that’s exactly what was uncovered when security researcher and EFF client <a href="https://www.eff.org/deeplinks/2011/11/carrieriq-censor-research-baseless-legal-threat">Trevor Eckhart did some digging into Carrier IQ</a>, an application that came preinstalled on phones sold by AT&amp;T, Sprint, and T-Mobile.</p>
<p>This is even creepier than number three on our list (watching your traffic and injecting ads), because at least with number three, your ISP can only see your unencrypted traffic. With Carrier IQ, your ISP could also see what encrypted (HTTPS) URLs you visit and record what apps you use.</p>
<p>Simply put, preinstalled software like Carrier IQ gives your ISP a window into <i>everything</i> you do on your phone. While mobile ISPs may have backed down on using Carrier IQ in the past (and the situation led to a <a href="http://www.carrieriqsettlement.com">class action lawsuit</a>), you can bet that if the FCC’s privacy rules are rolled back there’ll be ISPs be eager to start something similar.</p>
<p>But none of these creepy practices holds a candle to the ultimate, creepiest thing ISPs want to do with your traffic, which is…</p>
<h3>1. Injecting undetectable, undeletable tracking cookies in all of your HTTP traffic</h3>
<p><b>Which ISPs did it before?</b> AT&amp;T, Verizon</p>
<p>The number one creepiest thing on our list of privacy-invasive practices comes courtesy of Verizon (and AT&amp;T, which <a href="http://www.usatoday.com/story/tech/2014/11/14/att-supercookies-tracking/19041911/">quickly killed a similar program</a> after Verizon started getting blowback).</p>
<p><a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">Back in 2014 Verizon Wireless decided that it was a good idea to insert supercookies into <i>all </i>of its mobile customers’ traffic</a>. Yes, you read that right—it’s as if some Verizon exec thought “inserting tracking headers into all our customers’ traffic can’t have a down side, can it?” Oh, and, for far too long, they didn’t bother to explicitly tell their customers ahead of time.</p>
<p>But it gets worse. Initially, there was no way for customers to turn this “feature” off. It didn’t matter if you were browsing in Incognito or Private Browsing mode, using a tracker-blocker, or had enabled Do-Not-Track: Verizon ignored all this and inserted a unique identifier into all your unencrypted outbound traffic anyway. According to the <a href="https://apps.fcc.gov/edocs_public/attachmatch/DOC-338091A1.pdf">FCC</a>, it wasn’t until “two years after Verizon Wireless first began inserting UIDH, that the company updated its privacy policy to disclose its use of UIDH and began to offer consumers the opportunity to opt-out of the insertion of unique identifier headers into their Internet traffic.”</p>
<p>As a result, anyone—not just advertisers—could track you as you browsed the web. Even if you cleared your cookies, <a href="https://www.eff.org/deeplinks/2015/01/verizon-and-turn-break-browser-privacy-protections">advertisers could use Verizon’s tracking header to resurrect them</a>, which led to something called “zombie cookies.” If that doesn’t sound creepy, we don’t know what does.</p>
<p>As you can see, there’s a lot at stake in this fight. The FCC privacy rules congress is trying to kill would limit all of these creepy practices (and even ban some of them outright). So don’t forget to call your senators and representative <i>right now</i>—because if we don’t stop Congress from killing the FCC’s ISP privacy rules now, we may end up with a lot more than five creepy ISP practices in the future.</p>
<p></p>
<p class="eff_digital_voices-take_action"><a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong></strong><b><u>Call Congress and help keep creepy ISP practices a thing of the past!</u></b></a></p>
<ul class="footnotes"><li class="footnote" id="footnote1_88g7uey"><a class="footnote-label" href="#footnoteref1_88g7uey">1.</a> To be absolutely precise, your ISP could track and record all your HTTP traffic, and the domain name you visit for HTTPS websites.</li>
<li class="footnote" id="footnote2_prkupsd"><a class="footnote-label" href="#footnoteref2_prkupsd">2.</a> We’ve heard some arguments that is just what Google or Facebook do, but there’s a big difference. You can choose not to use Google or Facebook, and it’s easy to install free tools that block their tracking on other parts of the web. EFF even makes such a tool, called <a href="https://www.eff.org/pb">Privacy Badger</a>! But changing ISPs or paying for a VPN is hard (and some people don’t have more than one choice of ISP). For more, <a href="https://www.eff.org/deeplinks/2017/03/three-myths-telecom-industry-using-convince-congress-repeal-fccs-privacy-rules#myth3">see our post on busting three ISP privacy rollback myths</a>.</li>
</ul></div></div></div>Mon, 20 Mar 2017 06:05:03 +0000jeremy95320 at https://www.eff.orgCall To ActionNet NeutralityPrivacyOnline Behavioral TrackingDo Not TrackThree Myths the Telecom Industry is Using to Convince Congress to Repeal the FCC’s Privacy Rules, Bustedhttps://www.eff.org/deeplinks/2017/03/three-myths-telecom-industry-using-convince-congress-repeal-fccs-privacy-rules
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Back in October of 2016, the FCC passed some pretty awesome rules that would bar your internet service provider (ISP) from invading your privacy. The rules would keep ISPs like Comcast and Time Warner Cable from doing things like selling your personal information to marketers, inserting undetectable tracking headers into your traffic, or recording your browsing history to build up a behavioral advertising profile on you—unless they can get your consent. They were a huge victory for everyday Internet users in the U.S. who value their privacy.</p>
<p>But since the restrictions also limit the ability of ISPs and advertisers alike to profit from the treasure trove of data ISPs have about their subscribers, powerful interests have come out in force to strip those protections away. <a href="https://arstechnica.com/tech-policy/2017/03/ad-industry-lobbyists-celebrate-impending-death-of-online-privacy-rules/">Lobbyists in DC</a> are <a href="http://www.mediapost.com/publications/article/296980/ad-industry-lobbies-against-confusing-broadband.html">pulling out all the stops</a> trying to convince Congress that these straightforward, no-nonsense privacy rules are unnecessary, unfair, overly burdensome, or all of the above. EFF wrote a memo for congressional staffers that busts these myths.</p>
<p>And we’re sharing the content of that memo with you, Team Internet, so you can see the type of FUD ISPs and their allies are pushing in order to take away your privacy.</p>
<p>(Fair warning: some of these are fairly wonky, so if you’re not the type that gets excited by telecom law, you can always skip to the part where you <a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy">call your senators and representative and tell them not to repeal the FCC’s ISP privacy rules</a>—because if we raise our voices together, we can stop Congress before it’s too late.)</p>
<p class="eff_digital_voices-take_action"><a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong>Call Congress now and tell them not to repeal the FCC's privacy rules!</strong></a></p>
<h3><b><a id="myth1"></a>Myth 1:</b> <i>If the FCC’s privacy rules are repealed</i>, s<i>tate officials and the Federal Trade Commission will fill the gap—so customers’ privacy will still be protected.</i></h3>
<p><b>Fact: </b>Unfortunately, recent court decisions have limited the FTC’s ability to enforce privacy rules on ISPs. Plus, relying on each state to enforce its own laws to protect privacy would create a terrible patchwork of mismatched regulations. You’d think with all the uncertainty and bureaucracy that would create, the ISPs would actually <i>prefer</i> clear, bright-line rules at the national level. But you’d be wrong: at this point, they’ll say anything to block the FCC’s privacy-protective rules.<b></b></p>
<p><b>Extended Version:<br /></b>The 2016 <a href="https://cdn.ca9.uscourts.gov/datastore/opinions/2016/08/29/15-16585.pdf"><i>FTC v AT&amp;T Mobility</i> decision at the 9<sup>th</sup> Circuit</a> eliminated the Federal Trade Commission’s authority to enforce privacy rules on ISPs in Arizona, Alaska, Hawaii, California, Idaho, Montana, Nevada, Oregon, and Washington. Other courts may do the same. And while some states’ Attorney Generals have brought actions against ISPs that mislead or deceive consumers about how the companies collect, share, and sell customer data, many other states have scaled back their enforcement on the premise that federal enforcement was sufficient and preferable. <b></b></p>
<p>What’s more, a state-by-state patchwork of consumer protection enforcement is bad for customers <i>and</i> telecoms. It leaves customers in states with weaker consumer protection statutes or less assertive Attorneys General without crucial safeguards from their ISPs. And it leaves ISPs subject to a bewildering array of regulations depending on where they operate. That regulatory thicket will impede competition and innovation by discouraging service providers from entering new markets.</p>
<h3><a id="myth2"></a>Myth 2: <i>Even if Congress repeals the FCC’s recent privacy rules, the FCC still has authority to enforce consumer privacy protections more generally under Section 222 of the Communications Act.</i></h3>
<p><b>Fact:</b> Due to the way Congress plans to repeal the FCC’s privacy rules, there’s going to be a lot of legal uncertainty about whether or not the FCC will be allowed to do <i>anything</i> related to ISPs and privacy in the future. In other words, it’s not clear if you’ll be at the mercy of your ISP or not, and by the time the courts figure it out, your ISP will have already had the chance to do some pretty creepy things.</p>
<p><b>Extended Version:<br /></b>Section 222 of the Communications Act is the underlying authorization for the rules the FCC has already adopted, but if Congress passes a Congressional Review Act (CRA) resolution to repeal the rules, whether or not the FCC can pass new rules using that authority will be an open question.</p>
<p>That’s because <a href="https://www.eff.org/deeplinks/2017/02/congress-contemplating-making-it-illegal-protect-consumer-privacy-online">a CRA resolution would prohibit the FCC from issuing rules that are “substantially the same” in the future</a>. If the FCC brings an action against an ISP under Section 222 for mishandling customer data, the ISP would likely try to challenge the action in court on the grounds that Congress preempted the agency with the CRA, creating uncertainty around ISP obligations and consumer privacy protections.<b> </b></p>
<h3><b><a id="myth3"></a>Myth 3:</b> <i>The FCC’s privacy rules put Internet service providers at an unfair disadvantage when compared to Internet companies like Google who can profit off of consumer</i>s’ <i>data.</i></h3>
<p><b>Fact:</b> Google doesn’t see everything you do on the Internet (neither does Facebook, for that matter, or any other online platform)—they only see the traffic you send to them. And you can always choose to use a different website if you want to avoid Google’s tracking. None of that is true about your ISP. You probably only have one, maybe two options when it comes to ISPs offering high-speed Internet, and your ISP sees everything—they have to, in order to send your traffic to the right place. That’s why we need the FCC’s privacy rules: ISPs are in a position of power, and they’ve shown they’re willing to abuse that power.</p>
<p>Plus, if you’re worried about <a href="https://www.eff.org/deeplinks/2016/12/new-and-improved-privacy-badger-20-here">creepy third-party tracking</a> online, <a href="https://www.eff.org/privacybadger">you can use free tools to protect yourself</a>; the only way to protect your privacy from your ISP is to pay for a VPN.</p>
<p><b>Extended Version:<br /></b>To begin with, it’s worth remembering that ISPs and companies like Google or Facebook see entirely different parts of your Internet activity; namely that Google or Facebook only see the traffic you send to their servers, while ISPs see <i>all</i> your traffic. Even when you take into account the fact that Google and Facebook have creepy third-party trackers spread across the web, they still only see a fraction of what your ISP sees. Being able to see all of your traffic gives your ISP an unprecedented view into your life (everything from what you’re shopping for, to who you talk to, to what your politics are, to what you read), which not even Google or Facebook can achieve.</p>
<p>There’s also another big difference between Comcast and Google: choice. While Internet users can choose between numerous online services for search, email, and more—including services that feature built-in privacy protections as a selling point—most consumers have few if any options when it comes to choosing an ISP. According to the FCC’s 2016 Broadband Progress Report, 51 percent of households have access to only one high-speed broadband provider. If that provider decides to sell their data, they can’t vote with their wallets and choose another ISP. <b></b></p>
<p>There’s one last difference: Internet users can <i>prevent</i> companies like Google from spying on them as they surf the web. If you want to do something online without being tracked, you can use a variety of free tools that even powerful companies like Google cannot overcome. But nothing short of paying to use a virtual private network—essentially having to pay a fee to protect your online privacy—will protect you from your ISP.</p>
<p>Now that you’ve heard the FUD ISPs and the advertising industry are spreading, take a moment and help us protect your privacy from data-hungry ISPs: call Congress <i>today</i> and tell your senators and representative not to repeal the FCC’s ISP privacy rules!</p>
<p class="eff_digital_voices-take_action"><a href="https://act.eff.org/action/don-t-let-congress-undermine-our-online-privacy"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong>Call Congress now and tell them not to repeal the FCC's privacy rules!</strong></a></p>
</div></div></div>Fri, 17 Mar 2017 16:52:17 +0000jeremy95305 at https://www.eff.orgCall To ActionNet NeutralityOnline Behavioral TrackingPrivacyData Brokers: Don’t Let Your Data be Used For Human Rights Abuseshttps://www.eff.org/deeplinks/2017/02/data-brokers-dont-let-your-data-be-used-human-rights-abuses
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF, Amnesty International, Color of Change, the Center for Democracy and Technology, and our other coalition partners are urging data brokers to take a stand against government surveillance and discrimination based on religion, national origin, and immigration status.</p>
<p>As explained in a joint statement released today, data brokers collect and analyze huge amounts of personal data that could easily be used to identify and profile and track people in violation of their basic human rights.</p>
<p>EFF and our allies are calling on data brokers to disclose whether they’ve received government requests for their data, and to make the following pledge:</p>
<blockquote><p>We will not allow our data, or services, to be purchased or otherwise used in ways that could lead to violations of the human rights of Muslims or immigrants in the United States. If we cannot guarantee that our data, or services, will not ultimately be used for such purposes, we will refuse to provide them.</p></blockquote>
<p>You can read the full statement <a href="https://www.eff.org/files/2017/02/27/amr5157842017english_0.pdf">here</a>.</p>
<p>If you’re in California, you can take action to protect your friends, coworkers, and neighbors. California state Sen. Ricardo Lara has introduced a bill that would prevent California from sharing state and local government data with the federal government, when that data could be used to create lists, registries, or databases based on people's religion, national origin, or ethnicity. <a href="https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=10444">Take action now and show your support for S.B. 31</a>.</p>
</div></div></div>Mon, 27 Feb 2017 17:32:41 +0000kerry.sheehan95080 at https://www.eff.orgPrivacyMandatory Data RetentionSurveillance TechnologiesSurveillance and Human RightsSocial NetworksOnline Behavioral TrackingMost Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review https://www.eff.org/deeplinks/2016/12/most-young-gig-economy-companies-way-behind-protecting-user-data-2016-review
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>"Sharing" or "gig economy" companies like Uber and Airbnb continued to grow in 2016, meaning their data protection and privacy practices came into sharp focus </span><span>as millions of Americans turned to these young companies for everything from rides to the airport to renting an apartment instead of a hotel room.<br /></span></p>
<p><span>Customers are entrusting these companies</span><span><span>—</span>including others like Lyft, TaskRabbit, and Instacart</span><span><span>—</span>with enormous amounts of sensitive information about their habits and lives. To access the services offered, or to offer services via company apps, individuals are disclosing data about where they live and shop, what they buy, where they sleep, and where they travel. </span></p>
<p><span>In 2016, we published our annual </span><span><span><i>Who Has Your Back</i> report</span>, which took a close look at policies and practices of gig economy companies and found much to be <a href="https://www.eff.org/document/who-has-your-back-government-data-requests-2016" target="_blank">desired</a>. <a name="sdfootnote1anc" id="sdfootnote1anc"></a><a href="#sdfootnote1sym"><span></span></a></span><span></span><span>On the whole, gig economy companies haven’t caught up with the rest of the tech industry in safeguarding user data against unwarranted government access demands. When the government comes knocking, most gig economy companies—whether home rental services, car sharing, or on-demand labor—aren’t promising to stand by their users.</span></p>
<p><span>Half of the companies we reviewed didn’t require a warrant before turning over customer data to law enforcement. Most of the companies we reviewed haven’t issued transparency reports providing information about the number of government data requests they get. There were some exceptions. Uber and Lyft earned our highest marks for best practices in transparency over their handling of user data. </span></p>
<p><span>But in December, Uber made a change in its iPhone app that <a href="https://www.eff.org/deeplinks/2016/12/uber-should-restore-user-control-location-privacy" target="_blank">undermined user privacy</a>. The company removed an option to limit location tracking of its customers to “While Using,” a privacy setting in the iOS that provides users control of when their information is shared with the app.<a href="#sdfootnote1sym"><sup><span> </span></sup></a>When you need a ride and open the Uber app, you are asked for location data and given the option of providing this “Always” or “Never.” The company took away the option of providing location data only while using the app. Choosing “Always” enables Uber to track your location for five minutes after you leave the vehicle. Sorry, but that’s just creepy and unnecessary. We’ve asked Uber to restore the “While Using” choice.</span></p>
<p><span>Unfortunately the Uber location tracking change is part of a disturbing trend among software makers that we saw continue in 2016 to take away, or at least limit, the ability of users to opt out of functionality that automatically gobbles up your personal information—such as location data and browsing history.<br /></span></p>
<p><span>Two other examples stand out in the past year. Microsoft has aggressively pushed its Windows 10 upgrade on customers, <a href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive" target="_blank">using tactics</a> that went from annoying to downright malicious. If that’s not troubling enough, consumers who upgrade find that once installed, Windows 10 sends an unprecedented amount of usage data back to Microsoft, particularly if users opt in to “personalize” the software using the OS assistant called <a href="https://en.wikipedia.org/wiki/Cortana_%28software%29">Cortana</a>. Here’s a non-exhaustive list of data sent back: location data, text input, voice input, touch input, webpages you visit, and telemetry data regarding your general usage of your computer, including which programs you run and for how long. Unless you’re an enterprise user, no matter what, you <em><span>have to </span></em>share at least some of this telemetry data with Microsoft <em><span>and there’s no way to opt-out of it</span></em>.</span></p>
<p><span>The second example involves the note-taking app Evernote. The company adopted a new privacy policy in December that allows some employees to <a href="http://www.computerworld.com/article/3150469/cloud-computing/evernote-changes-its-privacy-policy-and-once-again-alarms-its-users.html" target="_blank">read user content</a> for the sake of improving its machine learning technology. <a name="sdfootnote2anc" id="sdfootnote2anc"></a>Want to avoid the company’s prying eyes? Apparently there’s no clear way to do so if you want to continue using the service.</span></p>
<p><span>As our review shows, it is incumbent upon users to be mindful of what and how much information they give up in order to participate in the digital marketplace and to vote with their feet to platforms that do a better job of protecting user privacy.</span></p>
<p></p>
<p> </p>
<p>This article is part of our Year In Review series. <a href="https://www.eff.org/2016-year-review-digital-rights">Read other articles about the fight for digital rights in 2016.</a> </p>
<p></p><center>Like what you're reading? Support digital freedom defense today!
<p></p></center><center></center><center></center><center></center><center><em> <a href="https://supporters.eff.org/donate/2016-in-review"><img src="/files/2016/05/17/donate-bttn.png" alt="donate to EFF" height="52" width="216" /></a> </em></center>
</div></div></div>Thu, 29 Dec 2016 21:10:08 +0000karen94248 at https://www.eff.orgPrivacyDo Not TrackCell TrackingMobile devicesSocial NetworksOnline Behavioral TrackingLocational PrivacyVictory: Verizon Will Stop Tagging Customers for Tracking Without Consenthttps://www.eff.org/deeplinks/2016/03/victory-verizon-will-stop-tagging-customers-tracking-without-consent
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Today, Verizon reached an <a href="https://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db0307/DA-16-242A1.pdf">agreement with the
FCC</a> to acquire affirmative consent
before injecting their UIDH tracking header into their customers' web activity on non-Verizon owned sites. This
is <a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">exactly what we asked them to
do</a> in November 2014, and
is a huge win for Internet privacy. ISPs are trusted carriers of our
communications. They should be supporting individuals' privacy rights, not
undermining them.</p>
<p>Verizon started their tracking header program in 2012, but did not describe the
program in its privacy policy at that time. In 2014, EFF
<a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">analyzed the header</a> and
warned that it acted as an undeletable supercookie, bypassing typical steps
people take to protect their Internet privacy, like deleting cookies or
using browser extensions that <a href="https://www.eff.org/privacybadger">block unwanted tracking</a>.</p>
<p>After EFF publicized the details about the UIDH headers, and several news
organizations picked up the story, we started to receive reports that AT&amp;T was
testing a similar tracking header, on a much smaller scale. AT&amp;T did the right
thing and <a href="https://www.eff.org/deeplinks/2014/11/att-ditches-tracking-header-program-verizon-still-refuses">halted the
program</a>
in response to customer outrage.</p>
<p>In January 2015, Jonathan Mayer (who joined the FCC in November as Chief Technologist) <a href="http://webpolicy.org/2015/01/14/turn-verizon-zombie-cookie/">published a
study</a> revealing
that an advertising network named Turn was using the UIDH header to do exactly
what Verizon claimed was impossible: Resurrecting deleted tracking cookies by
using UIDH. This was particularly egregious because Turn was actually a Verizon
advertising partner.</p>
<p>Following that news, in March 2015, Verizon finally announced their intent to
implement opt-out from UIDH tracking. We stood firm on our opinion: this was a
half measure that did not take into account the invasiveness of modifying
customer traffic for non-routing purposes.</p>
<p>Today's news sets a new standard: ISP tracking is a great risk to individual
privacy, and requires a correspondingly high standard of consent.</p>
<h1>What's next</h1>
<p>This agreement covers one specific form of tracking. There are other ways ISPs
can implement the same tracking that would be much harder to detect. They
can send tracking data only to selected web sites, hindering detection by third
parties. ISPs can (and some very likely do) hide tracking data in a lower protocol layer, like TCP or IP,
setting fields that are normally random based on an agreed-upon code. Or they
could log all user browsing activity themselves and share it upon request.
Detecting these more pernicious methods will require ongoing skilled technical
work by the FCC and other watchdog organizations. Some of these methods may not
be detectable technically, but will require ongoing monitoring of ISP business
practices. We recommend the FCC continue in-depth investigations in this important area.</p>
<p>Tracking header injection isn't the only harmful way in which ISPs modify
customer traffic. Increasingly ISPs are using the same techniques to inject
advertisements or customer notices. This type of modification is both invasive
and a risk to security: it is indistinguishable technically from a
man-in-the-middle attack. We hope the FCC will make it clear to ISPs that this
is not appropriate.</p>
<p>The FCC agreement with Verizon is an important step forward for Internet privacy
within the US. However, traffic injection techniques have also been used
<a href="https://en.wikipedia.org/wiki/Phorm">outside the US</a>. Other national regulatory
agencies should take note of Verizon's opt-in requirement, and impose similar
requirements on any local ISPs using traffic injection.</p>
<p>All told, this is a great victory for everyone who uses the Internet, and we
congratulate the FCC on reaching this agreement.</p>
</div></div></div>Mon, 07 Mar 2016 21:34:57 +0000jsha90708 at https://www.eff.orgAnonymityPrivacyDo Not TrackOnline Behavioral TrackingMobile devicesPanopticlick 2.0 Launches, Featuring New Tracker Protection and Fingerprinting Testshttps://www.eff.org/deeplinks/2015/12/panopticlick-20-launches-featuring-new-tracker-protection-and-fingerprinting-tests
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Today we're launching version 2.0 of our tracking and fingerprinting detection tool, <a href="https://panopticlick.eff.org/">Panopticlick</a>. This version brings new tests to our existing tool, such as canvas and touch-capability fingerprinting, updating its ability to uniquely identify browsers with current techniques. In addition, we're adding a brand new suite of tests that detect how well your browser and extensions are protecting you from (1) tracking by ads; (2) from tracking by invisible beacons; and also (3) whether they encourage compliance with the <a href="https://www.eff.org/dnt-policy">Do Not Track policy</a>, which EFF and a <a href="https://www.eff.org/press/releases/coalition-announces-new-do-not-track-standard-web-browsing">coalition</a> of <a href="https://www.eff.org/press/releases/online-ad-company-adopts-new-do-not-track-standard-web-browsing">allies</a> launched earlier this year. We've also redesigned the site look and feel, including friendlier layout on mobile devices. If your browser lacks protections, Panopticlick 2.0 will recommend installing tools that are available on your platform, such as <a href="https://privacybadger.eff.org">Privacy Badger</a>, <a href="https://disconnect.me">Disconnect</a> or <a href="https://getadblock.com">AdBlock</a>, in order to get better protections as you navigate the Web.</p>
<p></p><center><a href="https://panopticlick.eff.org/"><img src="/files/2015/12/16/try-panopticlick-btn.png" alt="Try Panopticlick 2.0" height="98" width="509" /></a></center>
<p>Nearly six years ago, EFF launched the original Panopticlick, a website that allowed users to gather information on how unique – and trackable – their browsers are. By using web headers, JavaScript and plugins, to measure visitors' settings, we were able to confirm that millions of browsers across the globe had unique fingerprints which could be used by tracking companies to follow them around the Web, even if they blocked cookies or hid their IP addresses. Panopticlick continues to be used by hundreds of thousands of people every month to determine just how much identifiable information their settings and configuration exposes. Shortly after the initial launch, we were <a href="https://www.eff.org/press/archives/2010/05/13">able to determine</a> that 84% of users were uniquely identifiable by their browsers alone, without ever logging in to a user account. In the last six years, novel techniques such as <a href="https://en.wikipedia.org/wiki/Canvas_fingerprinting">canvas fingerprinting</a> have allowed trackers to spy on users more effectively than ever before. The use of anonymity software such as <a href="https://www.torproject.org/download/download-easy.html.en">Tor Browser</a> mitigates the effectiveness of fingerprinting by delivering the same headers for every browser, removing plugins, and limiting de-anonymizing JavaScript techniques. In version 2.0, we've included simplified the results from the fingerprinting tests to make them more understandable (you can still click through to the comprehensive results).</p>
<p>Our new tracker- and ad-blocker detection tool gives results for how well your browser is protecting you in three categories. Firstly, it lets you know if you're protected from invisible trackers that are included on many sites without users being aware of them. Secondly, whether you're protected from ads that track you across different domains. And thirdly, it tests if ad companies that promise not to track users by complying with our Do Not Track policy are unblocked by the browser, which gives these companies the incentive to do the right thing. We test the effectiveness of your protection by creating a number of domains that mimic real trackers, observing if resources on these domains are loaded or not. When the test is finishes, we present the users with a simple, informative table indicating their level of protection, with helpful suggestions when their protection isn't adequate.</p>
<p>Finally, we've completely rewritten the back-end code in Python and <a href="https://www.github.com/efforg/panopticlick-python">open sourced</a> the project so that you can see how it works yourself!</p>
<p>Visit <a href="https://panopticlick.eff.org">panopticlick.eff.org</a> to test how well your own browser is protecting you!</p>
</div></div></div>Thu, 17 Dec 2015 18:53:33 +0000bill89335 at https://www.eff.orgAnnouncementDo Not TrackOnline Behavioral TrackingA More Private Browsing Experience: Mozilla Ships Tracking Protection for Firefoxhttps://www.eff.org/deeplinks/2015/11/mozilla-ships-tracking-protection-firefox
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Good news for Firefox users sick of online trackers shadowing their every click: Mozilla just <a href="https://blog.mozilla.org/blog/2015/11/03/firefox-now-offers-a-more-private-browsing-experience/">released Tracking Protection</a> for use with their private browsing mode. </p>
<p>As we <a href="https://www.eff.org/deeplinks/2015/06/ex-mozilla-engineer-calls-for-tracking-protection">wrote previously</a>, we think it's important for users to be able to protect themselves from non-consensual online tracking. That's why we created <a href="https://www.eff.org/privacybadger">Privacy Badger</a>, which enforces <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a> around the Web. But it's also important for browser vendors to join in the fight to protect user privacy. Mozilla has done just that with today's announcement.</p>
<p>The new Tracking Protection option in Firefox uses Disconnect's blacklist to block requests to known trackers. Sometimes this will stop invisible 'tracking pixels' or calls to analytics engines. More noticeably it will also block ads that are trying to track you around the Web. While Firefox isn't trying to take a strong stance on Web ads, we agree with them that as long as these ads are invading user privacy for profit, they don't deserve to be displayed.</p>
<p>Ad blockers have often caused contention on the mobile phone ecosystem, and in fact Disconnect's own ad blocker was <a href="https://www.eff.org/deeplinks/2015/06/disconnect-files-eu-anti-trust-complaint-against-google">booted off of the Android app store</a> earlier this year. So we're happy to see that this feature will be released with all versions of Firefox, including mobile versions, allowing users to protect their browsing no matter where they do it.</p>
<p>This is happening on the heels of Apple's <a href="http://techcrunch.com/2015/09/17/a-day-after-ios-9s-launch-ad-blockers-top-the-app-store/">support for ad blockers in iOS 9</a>, so it seems that real solutions for addressing the problem of nonconsensual tracking are starting to gain momentum. With tracking blocking as a built-in functionality, it will reach more users. That means no more navigating through the large and confusing ecosystem of third party ad blockers. And that's a win for users.</p>
<p>This is a first step, but Mozilla could do more to be a leader in protecting user privacy. Right now, tracking protection is available only in private browsing mode. Ideally, Mozilla would also commit to protecting people outside of private browsing mode by turning on Tracking Protection for users that have enabled the Do Not Track setting in their browser. Mozilla could also join the <a href="https://www.eff.org/press/releases/coalition-announces-new-do-not-track-standard-web-browsing">Do Not Track coalition</a>, and commit to not blocking the ads of those companies that agree to abide by Do Not Track. </p>
<p>We look forward to seeing other browsers and mobile platforms follow in Firefox's footsteps. We hope that this will also send a strong message to advertisers—if you track users nonconsensually, you're not welcome on the Net.</p>
<p></p>
</div></div></div>Wed, 04 Nov 2015 00:47:38 +0000noah88777 at https://www.eff.orgCommentaryDo Not TrackOnline Behavioral TrackingClear Rules of the Road with the Do Not Track Policyhttps://www.eff.org/deeplinks/2015/08/clear-rules-road-do-not-track-policy-0
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>What if using the Web didn’t mean sacrificing your privacy?</p>
<p>We’ve spent years thinking about simple ways for everyday users to demand real privacy online. And, working in consultation with privacy experts across the globe, we’ve got a blueprint for addressing one particularly challenging privacy dilemma: online tracking.</p>
<p>EFF just released the first <a href="//www.eff.org/dnt-policy">detailed policy implementation of Do Not Track</a> (DNT) as a Web privacy opt-out. We’ve also created a <a href="https://www.eff.org/pages/understanding-effs-do-not-track-policy-universal-opt-out-tracking">less technical guideline to the policy</a>. </p>
<p>DNT is a <a href="https://www.eff.org/deeplinks/2012/06/how-turn-do-not-track-your-browser">browser setting</a> available in popular browsers. When activated, it signals to websites that the user does not consent to tracking. EFF’s Do Not Track policy is both a rules-of-the-road for services that want to treat users' data respectfully and the logical engine behind our new anti-tracker plug-in, <a href="https://eff.org/pb">Privacy Badger</a>. When a user turns on DNT—signaling that she doesn’t want her browsing activities tracked—compliant service providers agree to turn off much of their tracking capabilities. Our policy explains how those service providers should act. </p>
<p>Privacy Badger exists for Firefox and Chrome. Once installed, it configures the DNT header automatically so that the browser broadcasts to the world that the user doesn't want to be tracked. Privacy Badger then examines any website visited to check whether it has agreed to honor DNT. If no policy is visible, Privacy Badger scans for visible or invisible "third party" scripts or images that appear to be tracking anyway, and blocks them. In essence, Privacy Badger serves as a technical measure for enforcing the privacy ideals at the heart of the DNT policy.</p>
<p><b>We Want A Universal Opt-Out From Tracking</b></p>
<p>Tracking systems are everywhere on the Web, and just clearing your cookies isn’t a sufficient defense against the myriad tools used to track you online. </p>
<p>Online trackers collect and correlate data about the Web activity of individuals or devices without consent, not just with cookies but with supercookies, system fingerprints, and other unique identifiers to spy on user browsing habits. Normally, their purpose is to profile people so as to increase revenue through 'behavioral advertising' as well as to enable retargeting—where companies follow you around the Web hoping to close a potential sale. Some people are okay with this tracking because they find the ads more relevant, but others find it creepy. Social networks, market research, and analytics companies are also <a href="https://cyberlaw.stanford.edu/blog/2010/12/do-not-track-isnt-just-about-behavioral-advertising">collecting sensitive information</a> about user activity, and they typically do it without consent as well.</p>
<p>In response to public controversy, and to stave off the threat of regulation, the Digital Advertising Association (DAA) launched a self-regulatory scheme called AdChoices, an opt-out not from tracking but from targeted ads. Their system is cumbersome to activate, relies upon cookies (risking later deletion and a return to square one), and is not comprehensive in its coverage. Worst of all, it does not actually stop tracking.</p>
<p>Right now, the only option for users who want to protect their privacy online is to use some kind of technological fix, like "tracker protection” extensions or settings in the browser, which block known or identifiable trackers. EFF’s tracking protection extension is called Privacy Badger, and can be <a href="https://www.eff.org/privacybadger">downloaded for free</a>.</p>
<p>Because many ads are designed to track user activity across the Web, they get blocked as well. Some argue that ad blocking undermines the sustainability of websites that rely on ad revenue, but if viewing online ads comes at the cost of individual privacy, then the price is too high.</p>
<p>We’d like to strike a balance between the needs of users and website operators by creating clear, reasonable guidelines for respecting user privacy. That's the idea behind EFF’s DNT policy.</p>
<p><b>A Little History on DNT and the W3C</b></p>
<p>DNT is a <a href="https://www.eff.org/deeplinks/2012/06/how-turn-do-not-track-your-browser">browser setting</a> available in popular browsers. When activated, it signals to websites that the user does not consent to tracking.</p>
<p>DNT was first proposed in 2007 in response to advertising models based on the accumulation and exploitation of user data. Controversy grew as media reports like the Wall Street Journal's '<a href="http://www.wsj.com/public/page/what-they-know-digital-privacy.html">What They Know</a>' series drew attention to the sophisticated and nontransparent tactics used to track users online. This led the Federal Trade Commission and others to back DNT as a solution.</p>
<p>In 2011, the World Wide Web Consortium (W3C)—the organization that develops standards for the Web—convened a working group to define how DNT could work, what it would mean, and how sites should comply with it. The group included representatives from the technology, advertising, and publishing sectors, as well as consumer and privacy advocates (including EFF).</p>
<p>The W3C working group meetings were <a href="https://www.eff.org/deeplinks/2012/10/ad-industrys-assault-do-not-track-continues-w3c-amsterdam-meeting">contentious</a>. From the outset, parts of the advertising industry cast doubt on the very existence of a privacy harm for DNT to address. Then they argued that DNT should mean “do not target,” basically the same system that AdChoices uses. EFF engaged with W3C for some time in hopes that a reasonable standard for protecting user privacy could be created. However, the door on this standard closed in September 2013 with the withdrawal of the Digital Advertising Alliance from the process, de facto representatives of the biggest online advertising companies.</p>
<p>The W3C has persevered on finalizing <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-lc.html">a DNT policy</a>. But after thousands of emails and innumerable meetings, the standard still isn't ready. EFF wants to build on the W3C's work, so we're taking their <a href="http://www.w3.org/TR/tracking-dnt/">technical blueprint for DNT</a> and proposing a guide for its implementation, so that companies can put it into action and users benefit from it—right away.</p>
<p><b>Our Response: Rules for Websites and A Tool for Users</b></p>
<p>Our approach works on two levels. The DNT policy sets out what is expected from companies who follow EFF's framework in response to the browser signal. These rules and exceptions strike a balance between user privacy and the needs of data service operators. The policy is also implemented technically by Privacy Badger, which seeks to enforce DNT's principles if companies do not respect them.</p>
<p>At the core of our project is the protection of users' reading habits and browsing history, and a conviction that this is personal information that should not be accessed without consent. Websites and apps adopting DNT agree to abide by that principle. They promise only to collect the data necessary for use of their services, and to discard it as soon as practically possible. If a website wants to collect more, it cannot hide that policy in unread “Terms &amp; Conditions.” Our policy requires that consent for tracking be obtained in a clear and unambiguous manner. One of our first implementers, Medium, offers a great example, making it clear to users at login that from that point onwards their reading will be logged:</p>
<p><img src="/files/styles/large/public/2015/08/03/medium_consent.png?itok=NwwuEKos" alt="" width="480" height="182" class="image-large" /></p>
<p>Fig.1 Medium.com provides DNT users with clear enough guidance at log-in to obtain consent.</p>
<p></p>
<p>The policy includes exceptions to accommodate the everyday practicalities of the Web. Users know that when they click an ad, post a comment, or make a purchase, data will be retained about these events. Likewise, service operators have legitimate concerns such as security, fraud prevention, and statistics, and there are reasonable exceptions for these issues.</p>
<p>Companies supporting DNT do so voluntarily, but once they have promised to abide by its conditions they can be held to that promise by law. Of course the policy is also enforced directly by Privacy Badger and the other privacy tools who have agreed to adopt it, like AdBlock and Disconnect. We hope that mainstream Web browsers begin to offer these protections to their users soon too.</p>
<p>As well as protecting users' privacy, we also want to reward companies that actually respect DNT. <a href="https://eff.org/privacybadger">Privacy Badger,</a> EFF's tracker-blocking browser extension, will do exactly that. Privacy Badger will block the creepy trackers that are spying on you, while allowing the companies that pledge to respect your privacy to display their embedded content unhindered—including their ads.</p>
<p>Many websites currently rely on online advertising for their revenue stream, but this does not mean that we should allow the Web to be a ubiquitous surveillance apparatus. Our DNT policy offers a new pact between users and websites to make the Internet a better place. For websites who refuse to do the right thing, Privacy Badger offers a tool for users who want to protect themselves.</p>
</div></div></div>Sat, 08 Aug 2015 23:25:31 +0000rainey87324 at https://www.eff.orgCommentaryDo Not TrackOnline Behavioral TrackingHealthCare.gov Sends Personal Data to Dozens of Tracking Websiteshttps://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><a href="http://m.apnews.com/ap/db_289563/contentdetail.htm?contentguid=Py6rd7WO">The Associated Press reports</a> that healthcare.gov–the flagship site of the Affordable Care Act, where millions of Americans have signed up to receive health care–is quietly sending personal health information to a number of third party websites. The information being sent includes one's zip code, income level, smoking status, pregnancy status and more.</p>
<p></p><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><img src="/files/2015/01/20/hc_gov_requests.png" alt="" title="" width="904" height="165" /><p class="caption-text">An example of personal health data being sent to third parties from healthcare.gov</p></div></div></div>
<p>EFF researchers have independently confirmed that healthcare.gov is sending personal health information to at least 14 third party domains, even if the user has enabled <a href="https://eff.org/issues/do-not-track">Do Not Track</a>. The information is sent via the referrer header, which contains the URL of the page requesting a third party resource. The referrer header is an essential part of the HTTP protocol, and is sent for every request that is made on the web. The referrer header lets the requested resource know what URL the request came from. This would for example let a website know who else was linking to their pages. In this case however the referrer URL contains personal health information.</p>
<p>In some cases the information is also sent embedded in the request string itself, like so:</p>
<p><code>https://4037109.fls.<b>doubleclick.net</b>/activityi;src=4037109;<br />
type=20142003;cat=201420;ord=7917385912018;~oref=https://www.<br />
healthcare.gov/see-plans/85601/results/?county=04019&amp;<b>age=40&amp;</b> <b>smoker=1&amp;parent=&amp;pregnant=1&amp;mec=&amp;zip=85601&amp;state=AZ&amp;income=35000&amp; </b>&amp;step=4?</code></p>
<p>In the above example, a URL at doubleclick.net is requested by your browser. Appended to the end of this URL is your age, smoking status, preganacy status, parental status, zip code, state and annual income. This URL is requested by your browser after you fill out the required information on healthcare.gov and click the button to view health insurance plans that you are eligible for. </p>
<p>The following is a table showing which third party domains EFF researchers confirmed were receiving the private health data.</p>
<table cellpadding="4" cellspacing="0"><tr valign="top"><td width="33%"><b>Domain</b></td>
<td width="33%"><b>PII in referrer</b></td>
<td width="33%"><b>PII in request</b></td>
</tr><tr valign="top"><td width="33%">Akamai.net </td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr><tr valign="top"><td width="33%">Chartbeat.net</td>
<td width="33%">✓</td>
<td width="33%">✓</td>
</tr><tr valign="top"><td width="33%">Clicktale.net</td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr><tr valign="top"><td width="33%">Doubleclick.net</td>
<td width="33%">✓</td>
<td width="33%">✓</td>
</tr><tr valign="top"><td width="33%">Google.com</td>
<td width="33%">✓</td>
<td width="33%">✓</td>
</tr><tr valign="top"><td width="33%">Mathtag.com</td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr><tr valign="top"><td width="33%">Mixpanel.com</td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr><tr valign="top"><td width="33%">Nrd-data.net</td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr><tr valign="top"><td width="33%">Optimizely.com</td>
<td width="33%">✓</td>
<td width="33%">✓</td>
</tr><tr valign="top"><td width="33%">Reson8.com</td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr><tr valign="top"><td width="33%">Rfihub.com</td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr><tr valign="top"><td width="33%">Twitter.com</td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr><tr valign="top"><td width="33%">Yahoo.com</td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr><tr valign="top"><td width="33%">Youtube.com</td>
<td width="33%">✓</td>
<td width="33%"></td>
</tr></table><p>Sending such personal information raises significant privacy concerns. A company like Doubleclick, for example, could match up the personal data provided by healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are. It could do all this based on a tracking cookie that it sets which would be the same across any site you visit. Based on this data, Doubleclick could start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker.<a class="see-footnote" id="footnoteref1_oum17l3" title="Update 2015-01-21: Google has told us that although Doubleclick does log and retain this data, the company doesn't use it for choosing which ads to display. This does not reduce our privacy and security concerns about the practices of healthcare.gov and its many embedded third parties." href="#footnote1_oum17l3">1</a> Doubleclick might start to show you ads related to pregnancy, which could have embarrassing and potentially dangerous consequences such as when <a href="http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/">Target notified a woman's family that she was pregnant before she even told them</a>. </p>
<p>It's especially troubling that the U.S. government is sending personal information to commercial companies on a website that's touted as the place for people to obtain health care coverage. Even more troubling is the potential for companies like Doubleclick, Google, Twitter, Yahoo, and others to associate this data with a person's actual identity. Google, thanks to real name policies, certainly has information uniquely identifying someone using Google services. If a real identity is linked to the information received from healthcare.gov it would be a massive violation of privacy for users of the site.</p>
<p>Third-party resources could also introduce additional security risks to the healthcare.gov website, with each included third-party resource increasing the attack surface of the site. If an attacker were able to compromise just one of the third party resources included on healthcare.gov they could potentially compromise the accounts of every user of healthcare.gov. The attacker could then sell the Private Health Information or <a href="http://www.computerworld.com/article/2859026/illinois-hospital-reports-data-blackmail.html">hold it for ransom</a>. </p>
<p>For now, EFF recommends installing software that will block third party tracking, such as EFF's own <a href="https://www.eff.org/privacybadger">Privacy Badger</a>. Privacy badger will block the referrers and the connections to third party sites on healthcare.gov and protect your personal health information.</p>
<p>Health information is some of the most sensitive and personal information there is. People's private medical data should not be available to third party companies without consent from the user. This practice is negligent at best, and potentially devastating for consumers. At a miminum, healthcare.gov should disable third-party trackers for any user that <a href="https://github.com/EFForg/dnt-policy/blob/master/dnt-policy-discussion-draft.txt#L29-L35">requests an opt out</a> using the DNT header. Arguably, healthcare.gov should <a href="https://eff.org/dnt-policy">meet good privacy standards</a> for all its users.</p>
<p>President Obama will give his State of the Union speech tonight, in which he is expected to address cybersecurity issues. If President Obama is really concerned about cybersecurity, he may want to start in his own backyard, by securing healthcare.gov.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_oum17l3"><a class="footnote-label" href="#footnoteref1_oum17l3">1.</a> <b>Update 2015-01-21</b>: Google has told us that although Doubleclick <b>does</b> log and retain this data, the company <a href="https://support.google.com/adwordspolicy/answer/143465?hl=en">doesn't</a> use it for choosing which ads to display. This does not reduce our privacy and security concerns about the practices of healthcare.gov and its many embedded third parties.</li>
</ul></div></div></div>Tue, 20 Jan 2015 22:25:35 +0000cooperq83937 at https://www.eff.orgTechnical AnalysisDo Not TrackMedical PrivacyThe Law and Medical PrivacyOnline Behavioral TrackingAd Network Turn Will Suspend Zombie Cookie Program. When Will Verizon?https://www.eff.org/deeplinks/2015/01/ad-network-turn-will-suspend-zombie-cookie-program-when-will-verizon
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Advertising network Turn announced today that they will <a href="https://www.turn.com/blog/zombie-cookie-id-to-be-suspended-pending-re-evaluation">suspend their zombie tracking cookie program.</a> Turn was recently caught <a href="http://webpolicy.org/2015/01/14/turn-verizon-zombie-cookie/">using Verizon Wireless' invasive UIDH header</a> to undelete tracking cookies that web visitors had previously deleted. This unacceptable practice means that users who delete cookies to avoid Turn's and others' tracking will continue to be tracked against their will, using information associated with their previous activity through a permanent identity.</p>
<p><a href="https://act.eff.org/action/hold-verizon-accountable-for-violating-its-users-privacy" title="Verizon Action"><img src="/files/2015/01/15/verizon-action.png" alt="Take Action" title="Take Action" class="image-right" px="" height="188" width="190" /></a> This is a step toward victory for everyone who spoke out against Turn's zombie cookies, but it is not enough. Turn's cookies just underscore the <a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">huge privacy problems</a><a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh"></a> with Verizon's header injection. Turn's cookies were the first example found, but Verizon enables <i>any</i> company to use the identifier in similarly abusive ways, <a href="https://www.eff.org/deeplinks/2015/01/verizon-and-turn-break-browser-privacy-protections">some of which may not be visible to users</a>.</p>
<p>Verizon needs to follow Turn's lead, and <strong>end their UIDH header injection program immediately.</strong></p>
<p>Turn plans to "suspend" the zombie cookie program "pending re-evaluation." We again call on Turn to <strong>end their zombie cookie program permanently</strong>, and to commit not to use headers, browser fingerprinting, or any other method to circumvent individuals' decision to delete cookies. Additionally, Turn says, "By early February, Turn will not 'respawn' cookie IDs associated with the Verizon UIDH." Turn should treat this as the urgent privacy problem that it is, and end the cookie respawning today, not three weeks from now.<em></em></p>
<p>Companies that engage in cookie syncing with Turn, as <a href="https://www.eff.org/deeplinks/2015/01/verizon-and-turn-break-browser-privacy-protections%20">EFF described recently</a>, should immediately disable the Turn cookie syncing program and delete existing cookie syncing data until Turn has confirmed that they have stopped respawning cookies and have purged any cookies that they may have respawned.</p>
</div></div></div>Sat, 17 Jan 2015 00:03:54 +0000jsha83913 at https://www.eff.orgPrivacyDo Not TrackOnline Behavioral TrackingMobile devicesMobile Privacy and Security Takes Two Steps Forward, One Step Back: 2014 in Reviewhttps://www.eff.org/deeplinks/2014/12/2014-review-mobile-privacy-and-security-takes-two-steps-forward-one-step-back
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><a href="https://www.eff.org/deeplinks/2014/11/2014-year-review"><img src="/files/2014/12/19/2014-year-review.jpg" alt="" class="image-right" height="242" width="461" /></a>2014 has seen a flurry of events surrounding the issues of privacy and security when it comes to mobile devices. Here are some highlights.</p>
<p>EFF started the year by <a href="https://www.eff.org/deeplinks/2014/01/making-the-mobile-web-safer-with-https-everywhere">releasing HTTPS Everywhere on Firefox for Android</a>. Before, HTTPS Everywhere could only protect web browsing on desktop platforms, but with the release of HTTPS Everywhere for Firefox for Android, that same protection became available for Android devices as well.</p>
<p>June saw what was perhaps the biggest victory for smartphone privacy all year. Following several <a href="https://www.eff.org/deeplinks/2014/02/massachusetts-requires-warrants-cell-tracking">similar</a> <a href="https://www.eff.org/deeplinks/2014/02/two-new-decisions-strengthen-cell-phone-privacy-texas-and-washington">rulings</a> earlier in the year by various state courts, the U.S. Supreme Court ruled that <a href="https://www.eff.org/press/releases/supreme-court-sets-powerful-limits-cell-searches-fails-protect-internet-streaming">police must obtain a warrant in order to search a suspect’s cellphone</a>. While the importance of this victory cannot be overstated, there were still more victories to come.</p>
<p>For example, June also saw <a href="https://www.eff.org/deeplinks/2014/06/umbrella-hurricane-apple-limits-mobile-device-location-tracking">Apple announce that it would limit the ability of third-parties to physically track iPhones and iPads</a> by randomizing MAC addresses.<a class="see-footnote" id="footnoteref1_36fxxdh" title="While there has been some concern about the actual implementation, it’s at least a step in the right direction." href="#footnote1_36fxxdh">1</a> And in July, <a href="https://www.eff.org/deeplinks/2014/07/your-android-device-telling-world-where-youve-been">an EFF investigation showed that Android devices were announcing to the world which Wi-Fi networks they’d connected to in the past</a>, giving anyone listening in a history of where the device’s owner had been. What at first appeared to be a setback turned into a victory, though, when a Google employee submitted a patch that fixed the bug.</p>
<p>Another step forward came in September, when Apple announced that future iOS devices would feature disk-encryption enabled by default. (Google made a similar announcement for Android shortly afterwards.) This led to a predictable demand from law enforcement for encryption backdoors, which we explained would be a <a href="https://www.eff.org/deeplinks/2014/09/nine-epic-failures-regulating-cryptography">terrible</a>, <a href="https://www.eff.org/deeplinks/2014/10/even-golden-key-can-be-stolen-thieves-simple-facts-apples-encryption-decision">horrible</a>, <a href="https://www.eff.org/deeplinks/2014/10/eff-response-fbi-director-comeys-speech-encryption">very bad</a> idea.</p>
<p>Unfortunately, 2014 also saw some setbacks.</p>
<p>September saw <a href="https://www.eff.org/deeplinks/2014/08/blocking-consumer-choice-googles-dangerous-ban-privacy-security-app">Google ban the privacy and security app Disconnect Mobile from the Play Store</a>. Disconnect Mobile is designed to block non-consensual third-party tracking, much like EFF’s own Privacy Badger. Unfortunately non-consensual third-party tracking is used by a large fraction of mobile advertisers, a demographic Google appears to care for more than its users.</p>
<p>Perhaps the biggest setback of the year came in November, when security researchers showed how <a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">Verizon and AT&amp;T were injecting uniquely identifying headers</a> (effectively perma-cookies) into their customers’ traffic. While the public outcry <a href="https://www.eff.org/deeplinks/2014/11/att-ditches-tracking-header-program-verizon-still-refuses">led AT&amp;T to stop, Verizon refused to do so</a>.</p>
<p>Despite these setbacks, progress on mobile privacy was primarily positive in 2014, in terms of both how the law treats mobile devices, and in terms of privacy-enhancing mobile technologies.</p>
<p>There’s still plenty left to do in the coming year, though. EFF attorneys worked <a href="https://www.eff.org/deeplinks/2014/07/constitutionally-important-consensus-location-privacy">throughout</a> <a href="https://www.eff.org/deeplinks/2014/11/new-eff-brief-explains-why-cell-phone-location-records-are-private-and-government">2014</a> to convince the courts that police should have to get a warrant before demanding cellphone location records, and those cases will continue in 2015. We also intend to keep up the pressure on Verizon about its perma-cookie program. With your help, we can ensure that 2015 has just as many victories for mobile privacy as 2014.</p>
<p>This article is part of our <em>Year In Review</em> series; <a href="https://www.eff.org/deeplinks/2014/11/2014-year-review">read other articles</a> about the fight for digital rights in 2014. Like what you're reading? EFF is a member-supported nonprofit, powered by donations from individuals around the world. <a href="https://eff.org/last-call">Join us today</a> and defend free speech, privacy, and innovation.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_36fxxdh"><a class="footnote-label" href="#footnoteref1_36fxxdh">1.</a> While there has been some concern about the actual implementation, it’s at least a step in the right direction.</li>
</ul></div></div></div>Sun, 04 Jan 2015 23:50:41 +0000jeremy83638 at https://www.eff.orgCell TrackingEncrypting the WebLaw Enforcement AccessOnline Behavioral TrackingSearch Incident to Arrest8 Stellar Surveillance Scoops: 2014 in Reviewhttps://www.eff.org/deeplinks/2014/12/2014-review-8-stellar-surveillance-scoops
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><a href="https://www.eff.org/deeplinks/2014/11/2014-year-review"><img src="/files/2014/12/19/2014-year-review.jpg" alt="" class="image-right" height="242" width="461" /></a>Oversight boards and congressional subcommittees can occasionally be effective, but nothing keeps the government in check like investigative reporting. Here are eight stories about surveillance that made our jaws drop this year:</p>
<h3>Counter-surveillance Burglars Reveals Themselves</h3>
<p>One of the earliest <a href="http://www.nytimes.com/2014/01/07/us/burglars-who-took-on-fbi-abandon-shadows.html?_r=0">scoops</a> of the year was 43 years in the making. For her 2014 book, "<a href="http://theburglary.com/">The Burglary: The Discovery of J. Edgar Hoover’s Secret FBI</a>," former Washington Post reporter Betty Medsger convinced several members of an activist group, the Citizens’ Commission to Investigate the FBI, to finally go on record about how, in 1971, they stole records showing the agency’s shocking surveillance operations.</p>
<h3>NSA Spying on Muslim Leaders</h3>
<p>In July, First Look Media’s Glenn Greenwald and Murtaza Hussain dropped the <a href="https://firstlook.org/theintercept/2014/07/09/under-surveillance/">bombshell</a> that the NSA has been spying on Muslim-American leaders, including the executive director and founder of the Council on American-Islamic Relations, a longtime EFF client. The report was based largely on the Snowden cache, which also included an email where the term “Mohammed Raghead” is used as a placeholder target in a surveillance document template.</p>
<h3>Stingrays on a Plane</h3>
<p>Over the last few years, the privacy and civil liberties community has become more and more concerned over the use of fake cell phone towers, also known as “IMSI catchers” or “<a href="https://www.eff.org/deeplinks/2012/10/stingrays-biggest-unknown-technological-threat-cell-phone-privacy">Stingrays</a>,” to vacuum up data from everyday people. Devlin Barrett at the Wall Street Journal<i> </i><a href="http://www.wsj.com/articles/americans-cellphones-targeted-in-secret-u-s-spy-program-1415917533?tesla=y&amp;mg=reno64-wsj">reported</a> on one device, nicknamed "dirtbox," which the U.S. Marshals have attached to planes to gather enormous amounts of cell phone data. (The WSJ<i> </i>story is behind a paywall, so check out the <a href="http://www.washingtonpost.com/world/national-security/us-marshals-service-reportedly-gathering-phone-data-through-airborne-surveillance/2014/11/13/d1a863d6-6b8b-11e4-a31c-77759fc1eacc_story.html">Washington Post</a> and <a href="http://www.wired.com/2014/11/feds-motherfng-stingrays-motherfng-planes/">Wired</a><i>’s </i>versions.)</p>
<h3>Sabu and the FBI</h3>
<p><a href="http://www.dailydot.com/tags/sabu/">Daily Dot</a> and Vice’s <a href="http://motherboard.vice.com/read/exclusive-how-an-fbi-informant-helped-anonymous-hack-brazil">Motherboard</a> obtained leaked chat logs and other documents, some of which were under seal, involving hacker and FBI informant Hector Xavier Monsegur, aka "Sabu." The FBI <a href="http://www.theguardian.com/technology/2014/may/26/hacker-fbi-anonymous-leniency-prosecutors-monsegur-sabu">credited</a> Sabu with helping them cripple Anonymous. The reports raises important questions about how much the feds knew as he orchestrated major attacks against companies and <a href="http://www.dailydot.com/politics/fbi-hammond-sabu-hack-country-list/">foreign nations</a>.</p>
<h3>NSA on the Side</h3>
<p>Reuters’ Warren Strobel and Mark Hosenball <a href="http://www.reuters.com/article/2014/10/17/us-usa-intelligence-nsa-idUSKCN0I624Y20141017">reported</a> on how the NSA’s Chief Technical Officer Patrick Dowd was moonlighting for former NSA Chief Keith Alexander’s new company. Meanwhile, <i>Vice</i>’s Jason Leopold used a Freedom of Information Act lawsuit to <a href="https://news.vice.com/article/these-are-the-financial-disclosure-forms-the-nsa-said-would-threaten-national-security">obtain</a> Alexander’s annual financial disclosure records (The Daily Beast’s Shane Harris also published an <a href="http://www.thedailybeast.com/articles/2014/11/03/nsa-chief-cashed-in-on-at-t-as-it-spied-on-you.html">incisive analysis</a> of Alexander’s investments). Then Buzzfeed’s Aram Roston <a href="http://www.buzzfeed.com/aramroston/exclusive-family-business-at-the-national-security-agency#1u8oxdk">revealed</a> how the husband of then-head of the NSA’s Signals Intelligence Directorate Theresa Shea was seeking government contracts in signals intelligence work.</p>
<h3>DEA’s Fake Facebook Page</h3>
<p>Buzzfeed’s Chris Hamby was the first to <a href="http://www.buzzfeed.com/chrishamby/government-says-federal-agents-can-impersonate-woman-online?utm_term=3bgq1fs#v2j874">report</a> on a lawsuit by a woman who says Drug Enforcement Administration officers took personal images from her cell phone and used them to create a fake Facebook page to investigate other suspects. The story drew condemnations against the DEA both from <a href="https://www.documentcloud.org/documents/1336541-facebook-letter-to-dea.html">Facebook</a> and <a href="http://www.buzzfeed.com/chrishamby/senator-leahy-blasts-dea-for-impersonating-woman-online#.aiDgrK14z">Sen. Patrick Leahy</a>.</p>
<h3>License Plate Reader Shenanigans</h3>
<p><a href="http://www.wired.com/2014/05/license-plate-tracking/">Wired</a>, <a href="http://www.latimes.com/business/la-fi-law-enforcement-contractors-20140518-story.html#page=1">Los Angeles Times</a> and the <a href="https://beta.cironline.org/reports/plans-to-expand-scope-of-license-plate-readers-alarm-privacy-advocates-2/">Center for Investigative Reporting</a> each zeroed in on Vigilant Solutions, one of the main suppliers of automatic license plate readers and license plate data to law enforcement agencies. Among the more sketchy practices: aggressive lobbying, quotas on busts, and policies forbidding cops from communicating with the media.</p>
<h3>Boston’s Secret Surveillance Systems</h3>
<p>In DigBoston’s “<a href="http://digboston.com/boston-news-opinions/2014/08/boston-trolling-part-i-you-partied-hard-at-boston-calling-and-theres-facial-recognition-data-to-prove-it/">Boston</a> <a href="http://digboston.com/boston-news-opinions/2014/08/boston-trolling-part-ii-smarter-city-or-city-under-surveillance/">Trolling</a>” series, reporters Chris Faraone, Kenneth Lipp, and Jonathan Riley searched the deep web to uncover creepy new technologies being deployed against Boston citizens, including the testing of high-definition facial recognition technologies against attendees of the annual Boston Calling music festival.</p>
<p>This article is part of our <em>Year In Review</em> series; <a href="https://www.eff.org/deeplinks/2014/11/2014-year-review">read other articles</a> about the fight for digital rights in 2014. Like what you're reading? EFF is a member-supported nonprofit, powered by donations from individuals around the world. <a href="https://eff.org/last-call">Join us today</a> and defend free speech, privacy, and innovation.</p>
</div></div></div>Tue, 23 Dec 2014 22:15:44 +0000dm83658 at https://www.eff.orgCommentaryCell TrackingLocational PrivacyNSA SpyingOnline Behavioral TrackingVerizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controlshttps://www.eff.org/deeplinks/2014/11/verizon-x-uidh
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Verizon users might want to start looking for another provider. In an effort to <a href="http://www.adexchanger.com/data-exchanges/can-you-identify-me-now-a-deep-dive-on-verizons-data-practices/">better serve advertisers</a>, Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' web browsing habits without their consent.</p><p>Verizon apparently created this mechanism to expand <a href="http://precisionmarketinsights.com/our-data-products/precisionid/">their advertising programs</a>, but it has privacy implications far beyond those programs. Indeed, while we're concerned about Verizon's own use of the header, we're even more worried about what it allows <em>others </em>to find out about Verizon users. The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy. Worse still, Verizon doesn't let users turn off this "feature." In fact, it functions even if you use a private browsing mode or clear your cookies. You can test whether the header is injected in your traffic by visiting <a href="http://lessonslearned.org/sniff">lessonslearned.org/sniff</a>&nbsp;or <a href="http://www.amibeingtracked.com/">amibeingtracked.com</a>&nbsp;over a cell data connection.</p><h3>How X-UIDH Works, and Why It's a Problem</h3><p>Like a cookie, this header uniquely identifies users to the websites they visit. Verizon adds the header at the network level, between the user's device and the servers with which the user interacts. Unlike a cookie, the header is tied to a data plan, so anyone who browses the web through a hotspot, or shares a computer that uses cellular data, gets the same X-UIDH header as everyone else using that hotspot or computer. That means advertisers may build a profile that reveals private browsing activity to coworkers, friends, or family through targeted advertising.</p><p>Also unlike a cookie, Verizon's header is nearly invisible to the user and can't be seen or changed in the device's browser settings. If a user clears their cookies, the X-UIDH header remains unchanged. Worse, ad networks can immediately assign new cookies and link them to the cleared cookies using the unchanged X-UIDH value. We don't know which data brokers and ad networks are using the header to create behavioral profiles, but <a href="http://codydunne.blogspot.com/2014/10/verizon-wireless-injecting-tracking.html" style="line-height: 20.0063037872314px;">Cory Dunne found</a> at least one GitHub repository contained code to extract the header value, as of October 27. The repository has since been quietly deleted but <a href="https://web.archive.org/web/20141027194059/https://github.com/Funnerator/fast_tim_conf/blob/master/lua/id_set.lua" style="line-height: 20.0063037872314px;">can be viewed at the Internet Archive</a>. Twitter's mobile advertising division also <a href="http://www.propublica.org/article/somebodys-already-using-verizons-id-to-track-users">appears to use the header for ad auctions</a>.</p><p>Besides cookie clearing, the X-UIDH header bypasses several other built-in browser privacy mechanisms. Cookies belong to a single website and aren't shared with other websites. But one unique X-UIDH header value is shared with all unencrypted websites a user visits, making it easier for ad networks to track that user across many sites in a way not possible with cookies alone. Browsers provide Incognito Mode or Private Browsing Mode in order to defeat some kinds of tracking, but the X-UIDH header, since it is injected at the network layer, ignores those modes. Verizon also chooses to ignore <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a>, a setting users enable in their browser to indicate they do not want to be tracked. Similarly, disabling third-party cookies in browser settings does nothing to stop the X-UIDH header.</p><p>To compound the problem, the header also affects more than just web browsers. Mobile apps that send HTTP requests will also have the header inserted. This means that users' behavior in apps can be correlated with their behavior on the web, which would be difficult or impossible without the header. Verizon describes this as a key benefit of using their system. But Verizon bypasses the 'Limit Ad Tracking' settings in iOS and Android that are specifically intended to limit abuse of unique identifiers by mobile apps.</p><p>Because the header is injected at the network level, Verizon can add it to anyone using their towers, even those who aren't Verizon customers. Notably, Verizon appears to inject the X-UIDH header <a href="https://twitter.com/RonnicaZ/status/525786331272998912">even for customers of Straight Talk</a>, a mobile network reseller (known as a MVNO) that uses Verizon's network. Customers of Straight Talk don't necessarily have a relationship with Verizon.</p><p>But according to AdAge, "<a href="http://adage.com/article/digital/verizon-target-mobile-subscribers-ads/293356/">Corporate and government subscribers are excluded from the new marketing solution</a>." We haven't verified (and Verizon refuses to say) whether the header is still sent for those subscribers or not. If they are indeed excepted from the program, that indicates to us that implementing an opt-out is feasible. We're disappointed that Verizon takes some of its users' privacy more seriously than others.</p><h3>Verizon's Claimed Protections</h3><p>Verizon does provide a sort of limited <a href="https://www.verizonwireless.com/myprivacy/">opt-out</a> for individual customers, but it appears that the opt-out does not actually disable the header. Instead, it merely tells Verizon not to share detailed demographic information with advertisers who present a UIDH value. Meaningful protection from tracking by <em>third parties </em>would require Verizon to omit the header entirely.</p><p>According to Verizon, the header value is a <a href="https://security.stackexchange.com/questions/51959/why-are-salted-hashes-more-secure">salted hash</a>, and the hash changes <a href="http://www.propublica.org/article/somebodys-already-using-verizons-id-to-track-users">on an undisclosed frequency</a>. However, it's easy for third-party ad networks to create a continuous profile by associating old and new X-UIDH values through their own identifier cookie<a class="see-footnote" id="footnoteref1_6a9fxix" title="For instance, suppose an ad network assigned you a cookie with the unique value &quot;cookie1,&quot; and Verizon assigned you the X-UIDH header &quot;old_uid.&quot; When Verizon changes your X-UIDH header to a new value, say &quot;new_uid,&quot; the ad network can connect &quot;new_uid&quot; and &quot;old_uid&quot; to the same cookie value &quot;cookie1&quot; and see that they all three values represent the same person. Similarly, if you subsequently clear cookies, the ad network will assign a new cookie value &quot;cookie2.&quot; Since your X-UIDH value is the same (say, &quot;new_uid&quot;) before and after clearing cookies, the ad network can connect &quot;cookie1&quot; and &quot;cookie2&quot; to the same X-UIDH value &quot;new_uid.&quot; The back-and-forth bootstrapping of identity makes it impossible to truly clear your tracking history while the X-UIDH header is enabled." href="#footnote1_6a9fxix">1</a>. Verizon has refused to say what identifier they hash to create the identifier, but <a href="http://patents.justia.com/patent/8763101">their recent patent</a> suggests hashing a phone number. If they are indeed hashing phone numbers, it would be a major cryptographic mistake. Phone numbers can easily be deduced from hashes, so sending those hashes to untrusted web sites is practically equivalent to giving them your phone number.</p><p>Besides the ad networks, the unique X-UIDH header is a boon to eavesdroppers. We have seen that the NSA uses similar identifying metadata as 'selectors' to collect all of a single person's Internet activity. They also have been shown to use selectors to choose targets for delivering malware via <a href="http://www.wired.com/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/">QUANTUMINSERT</a> and similar programs. Having all Verizon mobile users' web traffic marked with a persistent, unique identifier makes it trivial for anyone passively eavesdropping on the Internet to associate that traffic with the individual user in a way not possible with IP addresses alone.</p><p>According to Verizon, it <a href="http://www.huffingtonpost.com/2012/10/17/verizon-precision-market-insights_n_1971265.html">began the Precision Market Insights program in 2012</a>, but has consistently refused to provide technical details about how the program worked. The injection of the X-UIDH header went largely unremarked by the technical community until recently because it is so hard to observe. The header is inserted in requests after they leave the phone, so customers cannot detect it using only a phone. In order to detect it, a user needs to run a web server configured to log or echo all HTTP headers, which is very rare.</p><h3>How You Can Protect Yourself</h3><p>Verizon can only modify plaintext traffic. It can't modify encrypted requests without breaking the whole connection. There are four options for encrypting web requests: HTTPS, an encrypted proxy, a VPN, or Tor. Only a VPN or Tor provide full protection in this case.</p><p>The best protection against this specific problem is to use a <a href="https://ssd.eff.org/en/module/choosing-vpn-thats-right-you">VPN</a> that encrypts all requests made from your phone, regardless of whether they were made by an app or a browser. Most VPNs are paid services, and when using a VPN you have to trust the VPN operators the same way you would normally trust your ISP. Advanced users can also use <a href="https://www.torproject.org/">Tor</a> via <a href="https://play.google.com/store/apps/details?id=org.torproject.android&amp;hl=en">Orbot Android app</a> in transparent proxy mode (requires root). Tor is free, but you have to trust exit node operators <a href="http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/">not to interfere with your connection</a>. Tor is more appropriate if you are trying to be anonymous.</p><p>The second-best protection is to use an encrypted proxy, which protects browser traffic but not mobile apps. Mobile Chrome provides the '<a href="https://support.google.com/chrome/answer/2392284?hl=en">Reduce data usage</a>' setting, which is reported to prevent the X-UIDH header injection. Unfortunately, this connection is not reliably encrypted, because <a href="https://support.google.com/chrome/answer/3517349?hl=en">an ISP can disable encryption on it at any time</a>.</p><p>HTTPS, which is the best protection for many types of harm, is actually the least powerful protection for this one. The header cannot be injected into an HTTPS request, but since websites choose whether to offer HTTPS, a site that wants to track users can simply avoid HTTPS and get the tracking headers. <a href="https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what">The web needs to become fully encrypted</a>, and these X-UIDH headers provide a strong disincentive for sites and advertisers who wish to track their users to adopt HTTPS. In fact, the <a href="https://www.google.com/patents/US20130273886">AT&amp;T patent</a> on similar headers recommends downgrading (redirecting) secure HTTPS requests to HTTP ones in order to receive the tracking header.</p><h3>What Verizon Should Do</h3><p>Verizon should immediately stop injecting the X-UIDH tracking header into its users' traffic. It is entirely possible to re-design their marketing programs so that the header is only injected for users who explicitly consent to having their Internet connections modified to add tracking information, and to do so in a way that <a href="http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works/">doesn't allow third-party sites to track users across the Internet</a>.</p><p>We're also concerned that Verizon's failure to permit its users to opt out of X-UIDH may be a violation of <a href="http://www.law.cornell.edu/uscode/text/47/222">the federal law</a> that requires phone companies to maintain the confidentiality of their customers' data. Only two months ago, the wireline sector of Verizon's business was hit with a <a href="http://transition.fcc.gov/Daily_Releases/Daily_Business/2014/db0903/DOC-329127A1.pdf">$7.4 million fine</a> by the Federal Communications Commission after it was caught using its "customers' personal information for thousands of marketing campaigns without even giving them the choice to opt out." With this header, it looks like Verizon lets its customers opt out of the marketing side of the program, but not from the disclosure of their browsing habits.</p><p>More generally, Verizon should stop tampering with their customers' Internet traffic without their customers' consent. ISPs like Verizon act as trusted connectors to the world, and shouldn't be modifying our communications on their way to the Internet. People should not be required to subscribe to a VPN and put their trust in a third party in order to get a modicum of privacy on the Internet.</p><p><span style="line-height: 20.0063037872314px;">AT&amp;T has been </span><a href="http://www.forbes.com/sites/kashmirhill/2014/10/28/att-says-its-testing-unkillable-tracker-on-customers-smartphones/" style="line-height: 20.0063037872314px;">reported to be testing a similar header</a><span style="line-height: 20.0063037872314px;">.</span></p>
<ul class="footnotes"><li class="footnote" id="footnote1_6a9fxix"><a class="footnote-label" href="#footnoteref1_6a9fxix">1.</a> For instance, suppose an ad network assigned you a cookie with the unique value "cookie1," and Verizon assigned you the X-UIDH header "old_uid." When Verizon changes your X-UIDH header to a new value, say "new_uid," the ad network can connect "new_uid" and "old_uid" to the same cookie value "cookie1" and see that they all three values represent the same person. Similarly, if you subsequently clear cookies, the ad network will assign a new cookie value "cookie2." Since your X-UIDH value is the same (say, "new_uid") before and after clearing cookies, the ad network can connect "cookie1" and "cookie2" to the same X-UIDH value "new_uid." The back-and-forth bootstrapping of identity makes it impossible to truly clear your tracking history while the X-UIDH header is enabled.</li>
</ul>
</div></div></div>Mon, 03 Nov 2014 18:51:03 +0000jsha82886 at https://www.eff.orgTechnical AnalysisAnonymityPrivacyDo Not TrackOnline Behavioral TrackingCops Need to Obey Facebook’s Ruleshttps://www.eff.org/deeplinks/2014/10/cops-need-obey-facebooks-rules
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Facebook scolded the Drug Enforcement Administration this week after learning that a narcotics agent had impersonated a user named Sondra Arquiett on the social network in order to communicate and gather intelligence on suspects. In a <a href="https://www.documentcloud.org/documents/1336541-facebook-letter-to-dea.html">strongly worded letter</a> to DEA head Michele Leonhart, Facebook’s Chief Security Officer Joe Sullivan reiterated that not only did the practice explicitly violate the site’s terms of service, but threatened Facebook’s trust-based social ecosystem.</p>
<p>Sullivan writes:</p>
<blockquote><p>Facebook has long made clear that law enforcement authorities are subject to these policies. We regard the conduct to be a knowing and serious breach of Facebook’s terms and policies, and the account created by the agent in the Arquiett matter has been disabled.</p>
<p>Accordingly, Facebook asks that the DEA immediately confirm that it has ceased all activities on Facebook that involve the impersonation of others or that otherwise violate our terms and policies.</p></blockquote>
<p>So far, it is unclear whether the DEA has responded, although the US Department of Justice has independently launched an investigation into the practice. We commend Facebook for holding the agency accountable.</p>
<p>But we also think Facebook should go further in protecting users and the integrity of its services. The DEA isn’t only law enforcement agency creating fake profiles on Facebook, and fake profiles are not the only way that law enforcement agencies routinely violate the site’s terms of service.</p>
<p><b>Sock Puppet Investigators </b></p>
<p>Facebook’s “<a href="https://www.facebook.com/legal/terms">Statement of Rights and Responsibilities</a>” require users to provide their “real names and information” and warn users to “not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission.” In other words, this is a ban on sock puppets: fake accounts that someone creates for deceptive purposes.</p>
<p>According to a lawsuit filed against the DEA, Arquiett was arrested in 2010 on drug charges. She allegedly agreed to allow an agent to search her phone. But the agent did much more than that, taking files from her phone—including suggestive photos of Arquiett as well as pictures of her children. The agent then used them to create a Facebook profile in her name. The agent accepted and made friend requests and engaged in conversations with other users.</p>
<p>While this may be the first time we have heard of the DEA impersonating an actual person, two separate independent studies show that creating fake profiles is commonplace in the law enforcement community.</p>
<p>In 2012, LexisNexis researchers <a href="http://www.lexisnexis.com/en-us/about-us/media/press-release.page?id=1342623085481181">surveyed</a> more than 1,200 federal, state, and local law enforcement agencies and almost 70 percent of agencies surveyed said they use social media to some extent in their investigations. Among those agencies, Facebook was by far the most popular social network site, with 91 percent using it for investigations, 27 percent using it on a daily basis. Alarmingly, the LexisNexis researchers concluded that police “have no concerns around the ethics of creating fake virtual identities as an investigative technique." Approximately 83 percent reported they had no qualms about going undercover online. </p>
<p>LexisNexis even included an anonymous testimonial on how police were able to track a suspect’s location through Facebook:</p>
<blockquote><p>I was looking for a suspect related to drug charges for over a month. When I looked him up on FB, and requested him as a friend from a fictitious profile, he accepted. He kept “checking in” everywhere he went so I was able to track him down very easily.</p></blockquote>
<p>A 2013 study [<a href="http://www.iacpsocialmedia.org/Portals/1/documents/External/SocialMediaandTacticalConsiderationsforLawEnforcement.pdf">pdf</a>] from the International Association of Chiefs of Police (IACP) mirrored the LexisNexis findings. Out of 500 predominantly municipal law enforcement agencies, more than 58 percent reported that they use fake profiles to gather information.</p>
<p>It’s difficult to determine exhaustively which agencies have adopted this tactic, but some have publicly acknowledged the practice:</p>
<ul><li>Cincinnati Police Department <a href="http://www.cnn.com/2012/08/30/tech/social-media/fighting-crime-social-media/">admitted</a> to CNN that it used undercover profiles for “targeted enforcements.”</li>
<li>In a DOJ-funded <a href="http://www.iacpsocialmedia.org/Portals/1/documents/External/SocialMediaandTacticalConsiderationsforLawEnforcement.pdf">report</a> on social media tactics, IACP revealed that the New York City Police Department has created formal policies for creating alias accounts for use in investigations. (The policies are available on page 169 of <a href="http://www.neiassociates.org/storage/FBINEIA-2013-SocMediaTool.pdf">this report</a>.)</li>
<li>The Georgia Bureau of Investigation similarly has a policy (<a href="http://www.neiassociates.org/storage/FBINEIA-2013-SocMediaTool.pdf">page 157</a>) allowing for aliases to be used in investigations.</li>
<li>In its <a href="http://www.cityoflavista.org/DocumentCenter/View/5573">policy</a> on the use of social media, the La Vista Police Department in Nebraska says, “Covert undercover operations on the Internet and Social Networking are an effective investigative technique in establishing admissible, credible evidence in support of a criminal prosecution against suspects.”</li>
</ul><p>Yet most of these agencies explicitly agreed to abide by Facebook’s terms of service when they created their <a href="https://www.facebook.com/Georgia.Bureau.of.Investigation">own</a> <a href="https://www.facebook.com/CincinnatiPolice">Facebook</a> <a href="https://www.facebook.com/NYPD">pages</a>.</p>
<p><b>Ignoring ToS </b></p>
<p>Creating fake profiles is only one way that law enforcement agencies are actively violating Facebook’s terms of service.</p>
<p>Facebook’s terms say that you must not share your password or “let anyone else access your account.” It further states, “you will not solicit login information or access an account belonging to someone else.” Yet, law enforcement agencies are guilty of these activities, particularly when it comes to screening applicants for jobs. According to a <a href="http://www.sfgate.com/news/article/Law-enforcement-employers-still-view-private-5722229.php">recent article</a> from the <i>San Francisco Chronicle</i>, “The standard practice in most California police departments is to require social-media passwords of job applicants, including those applying for dispatch and jail staff positions.” This past session, the California Legislature attempted to clarify the law to extend a prohibition on this practice in the private sector to public employees—including a provision explicitly prohibiting police agencies from soliciting passwords—but <a href="http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140AB25">the bill</a> failed to make it to the governor’s desk.</p>
<p>Meanwhile, the FBI has been researching <a href="http://www.zdnet.com/blog/facebook/fbi-to-monitor-facebook-twitter-myspace/8119">ways to data mine</a> on Facebook, which would be a violation of the ToS that says you cannot “not collect users' content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our prior permission.”</p>
<p>Law enforcement agencies have been potentially violating social media networks' terms of service with scraping and "covert accounts" <a href="https://www.eff.org/deeplinks/2010/08/government-finds-uses-social-networking-sites">for years</a> (even as far back as when MySpace was the leading social network). We had to go court to find this out, but Facebook has the power to force transparency without litigation.</p>
<p><b>What Should Facebook Do About This? </b></p>
<p>Under a White House directive (<a href="https://www.eff.org/document/omb-memorandum-terms-service">most recent version here</a>), federal agencies are supposed to sign special, negotiated terms of service with social media providers where they would like to have a presence, including Facebook (example pdf <a href="http://www.digitalgov.gov/files/2014/07/facebook-tos-amendment.pdf">here</a>). Facebook also has special <a href="https://www.facebook.com/terms_pages_gov.php">terms of services</a> that are applicable only to state and local government agencies. </p>
<p>These agreements and special terms of services are opportunities for Facebook to demand more of law enforcement. If cops want to use Facebook for public purposes (and according IACP, most agencies find it a “very valuable” for community outreach, collecting tips and disseminating emergency information), then Facebook should make sure they know they must follow the same rules as everyone else.</p>
<p>We’re asking Facebook to spell out, in no uncertain language, that the terms that apply to regular users apply to government agencies as well, including law enforcement. It should remind law enforcement that violating its terms of service—such as by creating fake profiles, using impersonation, requiring passwords from applicants and employees, and data mining—isn’t OK.</p>
<p>But Facebook could, and should, go a step further to restore the public’s trust in their system and require that any law enforcement agency that wants to use Facebook must first develop and publish departmental policies for social media, including their policies for using social media in investigations and in screening job applicants.</p>
<p>It's great that Facebook sent a letter to the DEA, but for the company to protect its users it needs to do more than simply react after the damage has been done.</p>
</div></div></div>Fri, 24 Oct 2014 17:06:25 +0000dm82818 at https://www.eff.orgOnline Behavioral TrackingSocial NetworksTransparencyProtecting Privacy from Big Data: Putting the Cart Before the Horsehttps://www.eff.org/deeplinks/2014/09/protecting-privacy-big-data-putting-cart-horse
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal">Today EFF Staff Technologist Jeremy Gillula is speaking at an <a href="http://www.ftc.gov/news-events/events-calendar/2014/09/big-data-tool-inclusion-or-exclusion">FTC workshop</a> on big data and its impact on privacy, prompted by the recent reports on big data by the <a href="http://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.pdf">White House</a> as well as the <a href="http://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-_may_2014.pdf">President’s Council of Advisors on Science and Technology</a> (PCAST). Our major point at the workshop will be that many seem to be putting the cart before the horse when it comes to big data: before we as a society start worrying about how we can mitigate big data’s privacy risks, we think its proponents first need to show that their analyses are statistically valid. In other words, we need proof that big data is good science and not just snake oil.</p>
<p class="MsoNormal">As we explained in <a href="https://www.eff.org/document/comments-ntia-big-data">comments we submitted last month</a> to the National Telecommunications and Information Administration (NTIA), although there’s a lot of hype out there about how amazing big data will be, there are very few public examples of big data use that have actually held up to scientific and technical scrutiny.<a class="see-footnote" id="footnoteref1_twlorif" title="A great example of this is Google Flu Trends, which initially was hyped as a wonderful example of the power of big data, but was later shown to be unreliable and inaccurate." href="#footnote1_twlorif">1</a> This is partially due to the closed and proprietary nature of most big data projects, which are run by companies that probably find it easier to share their successes than their failures. <a>As a result, “there are no big data about big data” from which we can draw conclusions about its validity</a>.<a class="see-footnote" id="footnoteref2_lcrrnqk" title="Tenner, Edward. Big Data: Here to Stay, but with Caveats. The American. (July 30, 2014)" href="#footnote2_lcrrnqk">2</a></p>
<p class="MsoNormal"><b>Big Data’s Technical Hurdles</b></p>
<p class="MsoNormal">But big data also faces purely technical challenges . For example, a major assumption in big data is that if one has a large enough data set, then the data will automatically be statistically representative of the underlying population. This claim, “that sampling bias does not matter, is simply not true in most cases that count.”<a class="see-footnote" id="footnoteref3_sqox6jl" title="Harford, Tim. Big data: are we making a big mistake? The Financial Times. (March 28, 2014)." href="#footnote3_sqox6jl">3</a><a class="see-footnote" id="footnoteref4_zd6pqeq" title="For example, consider analyzing traffic patterns in the San Francisco Bay Area by measuring the movement of cars equipped with a Fastrak (an RFID tag used to speed up traveling through tolls across the Bay’s many bridges.) Even better, assume we have data for all cars with a Fastrak—surely by having all the data, we will avoid having any underlying biases. But a bias exists: Fastrak use requires a credit card for automatic toll payment, which means that this data set will exclude people with bad credit, i.e. people who tend to be poorer." href="#footnote4_zd6pqeq">4</a> On the contrary, big data sets “are so messy, it can be hard to figure out what biases lurk inside them – and because they are so large, some analysts seem to have decided the sampling problem isn’t worth worrying about. It is.”<a class="see-footnote" id="footnoteref5_bgiu3ua" title="Harford, Tim. Big data: are we making a big mistake? The Financial Times. (March 28, 2014)." href="#footnote5_bgiu3ua">5</a></p>
<p class="MsoNormal">Additionally, even if one tackles the problem of sampling bias, there’s no way to know what correlations in the data are actually meaningful. (This is the old “correlation is not causation” problem.) More problematic, however, is that “big data may mean more information, but it also means more false information.”<a class="see-footnote" id="footnoteref6_k4fw6xd" title="Taleb, Nassim. Beware the Big Errors of ‘Big Data.’ Wired Magazine (February 8, 2013)." href="#footnote6_k4fw6xd">6</a> This contributes to what is known as the “multiple-comparisons” problem: if you have a large enough data set, and you do enough comparisons between different variables in the data set, some comparisons that are in fact flukes will appear to be statistically significant. (Take for example a data set that contains both the U.S. homicide rate and the market share of Internet Explorer. Both went down sharply<a class="see-footnote" id="footnoteref7_jeo3u5o" title="Marcus, Gary, and Davis, Ernest. Eight (No, Nine!) Problems With Big Data. The New York Times (April 6, 2014)." href="#footnote7_jeo3u5o">7</a> from 2006 to 2011, but that doesn’t mean the correlation is meaningful.)</p>
<p class="MsoNormal"><b>Not All Big Data Can Overcome These Technical Challenges</b></p>
<p class="MsoNormal">Ironically, the types of big data usage that get the most hype are exactly the types of usage that tend to suffer from these statistical problems. One such problematic use is individualized targeting of large numbers of individuals based on “found” data, i.e. information about them that was originally collected for some other purpose. By using “found” data that was not intended for the specific use it is being put to, sampling biases are inevitable. Another problematic use is the idea that by collecting all the data and then storing it indefinitely, it can be used to learn something new at some distant point in the future. Not only will such a “discovery” likely be subject to sampling biases, but any correlations that are discovered in the data (as opposed to being explicitly tested for) are likely to be spurious.</p>
<p class="MsoNormal">This isn’t to say that all usage of big data is destined to fail. With careful forethought and the proper use of statistical techniques, some uses of big data might be able to overcome these statistical traps and truly benefit society. But it’s worth emphasizing that the types of uses that tend to suffer from statistical weaknesses also tend to pose the greatest privacy threats, since they involve keeping data longer than otherwise necessary and using that data for purposes for which consent (or perhaps even notice) was not given.</p>
<p class="MsoNormal">Creatively using new tools is a huge part of innovation. But so is understanding when a tool works and when it doesn't. Thus, before we start asking about how to reconcile big data with privacy, we should understand when big data is good science—and when it’s not.</p>
<div>
<div>
<div id="_com_1" class="msocomtxt" language="JavaScript">
</div>
</div>
</div>
<ul class="footnotes"><li class="footnote" id="footnote1_twlorif"><a class="footnote-label" href="#footnoteref1_twlorif">1.</a> A great example of this is <a href="http://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/en/us/archive/papers/detecting-influenza-epidemics.pdf">Google Flu Trends</a>, which initially was <a href="http://msl1.mit.edu/furdlog/docs/nytimes/2008-11-11_nytimes_google_influenza.pdf">hyped</a> as a wonderful example of the power of big data, but was later shown to be <a href="http://ssrn.com/abstract=2408560">unreliable and inaccurate</a>.</li>
<li class="footnote" id="footnote2_lcrrnqk"><a class="footnote-label" href="#footnoteref2_lcrrnqk">2.</a> Tenner, Edward. <a href="http://www.american.com/archive/2014/july/big-data-here-to-stay-but-with-caveats-1"><em>Big Data: Here to Stay, but with Caveats.</em></a> The American. (July 30, 2014)</li>
<li class="footnote" id="footnote3_sqox6jl"><a class="footnote-label" href="#footnoteref3_sqox6jl">3.</a> Harford, Tim. <a href="http://http://www.ft.com/cms/s/2/21a6e7d8-b479-11e3-a09a-00144feabdc0.html"><em>Big data: are we making a big mistake?</em></a> The Financial Times. (March 28, 2014).</li>
<li class="footnote" id="footnote4_zd6pqeq"><a class="footnote-label" href="#footnoteref4_zd6pqeq">4.</a> For example, consider analyzing traffic patterns in the San Francisco Bay Area by measuring the movement of cars equipped with a Fastrak (an RFID tag used to speed up traveling through tolls across the Bay’s many bridges.) Even better, assume we have data for <em>all</em> cars with a Fastrak—surely by having <em>all</em> the data, we will avoid having any underlying biases. But a bias exists: Fastrak use requires a credit card for automatic toll payment, which means that this data set will exclude people with bad credit, i.e. people who tend to be poorer.</li>
<li class="footnote" id="footnote5_bgiu3ua"><a class="footnote-label" href="#footnoteref5_bgiu3ua">5.</a> Harford, Tim. <a href="http://http://www.ft.com/cms/s/2/21a6e7d8-b479-11e3-a09a-00144feabdc0.html"><em>Big data: are we making a big mistake?</em></a> The Financial Times. (March 28, 2014).</li>
<li class="footnote" id="footnote6_k4fw6xd"><a class="footnote-label" href="#footnoteref6_k4fw6xd">6.</a> Taleb, Nassim. <a href="http://www.wired.com/2013/02/big-data-means-big-errors-people/"><em>Beware the Big Errors of ‘Big Data.’</em></a> Wired Magazine (February 8, 2013).</li>
<li class="footnote" id="footnote7_jeo3u5o"><a class="footnote-label" href="#footnoteref7_jeo3u5o">7.</a> Marcus, Gary, and Davis, Ernest. <a href="http://www.nytimes.com/2014/04/07/opinion/eight-no-nine-problems-with-big-data.html"><em>Eight (No, Nine!) Problems With Big Data.</em></a> The New York Times (April 6, 2014).</li>
</ul></div></div></div>Mon, 15 Sep 2014 17:22:59 +0000jeremy82217 at https://www.eff.orgPrivacyOnline Behavioral TrackingLocation Tracking: A Pervasive Problem in Modern Technologyhttps://www.eff.org/deeplinks/2013/12/location-tracking-pervasive-problem-modern-technology
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>We've <a href="https://www.eff.org/deeplinks/2013/12/nsa-turns-cookies-and-more-surveillance-beacons">just seen some amazing reports from the <em>Washington Post</em></a> about just a few ways NSA is tracking people around the Internet and the physical world. These newly-revealed techniques hijacked personal information that was being transmitted for some commercial purpose, converting it into a tool for surveillance. One technique involved web cookies, while another involved mobile apps disclosing their location to location-based services.</p>
<p>One interesting thing about this is that the tracking that results is totally independent of the privacy practices that apply to the <em>intended</em> use of this data. Google has its own privacy policies about how it uses PREF cookies, and app developers have privacy policies for their location-based services, but this spying bypassed both of them and simply used this information as grist for the surveillance mill. So the level of intrusion resulting from this spying didn't depend on what the information was meant for, but on how it was repurposed.</p>
<p>Together, these programs show us that <i>transmitting any unique information unencrypted</i> forms the technological basis for a location-tracking technology, existing or potential. Every kind of identifiable information that gets transmitted in the clear over a radio or a public network is either an already-deployed NSA location-tracking program, or an exciting opportunity for some NSA agent to propose a new program to monitor devices’ whereabouts. And it’s not just NSA: we’ve already seen commercial use of phones’ <a href="https://en.wikipedia.org/wiki/MAC_address">wifi</a> and Bluetooth addresses (which are visible to anybody nearby and which normally don’t change over the lifetime of the device) to monitor shoppers.</p>
<p>There’s a long-term privacy solution for location tracking that can address all of these tracking methods and others. Every transmission of personally-identifiable information, over the air or over a public network, must be encrypted. If addresses can’t be encrypted, they should be random and change frequently. And personally-identifiable information must be understood to include persistent identifiers for people or devices, even if those identifiers don’t directly include a person’s name<a class="see-footnote" id="footnoteref1_kobu6bq" title="Some privacy engineers use the term uniqueness to refer to unique properties of a device or system that aren’t already associated with a particular person, or that might not ever become associated with a person in practice. For example, if a cell phone hasn’t been purchased yet, or if a transit fare collection system had a unique ID but nobody recorded or noticed who ended up using it for travel, some people would say the systems exhibit uniqueness but not personal identifiability. But it’s so easy for a device to make the one-way trip from uniqueness into an association with a person at any moment that careful privacy engineering would treat any long-term persistent uniqueness as presumptively identifying." href="#footnote1_kobu6bq">1</a> For example, a unique cookie can be used to recognize a device, so it should only ever be transmitted encrypted. Even if cookies were out of the picture, <a href="https://panopticlick.eff.org/">there's a lot else that's unique in browser behavior</a> that can potentially be used to track an Internet user.</p>
<p>The <i>Post</i>’s earlier report on tracking shows that fixing technology to prevent the tracking of device locations will be a challenging task. The paper's recent story on a program called FASCIA <a href="http://apps.washingtonpost.com/g/page/world/what-is-fascia/637/">referred to literally dozens of potentially unique and distinctive things about a cell phone</a> that the NSA might be able to observe directly on the air or by tapping into cell phone carriers’ infrastructure. That list shows many different ways in which the existing cell phone infrastructure inherently exposes unique attributes of devices, and hence inherently permits location tracking (either by carriers or by spies monitoring radio signals). We've already noticed that location tracking is an inherent part of the way today's cell phone infrastructure is put together—we can't make some simple technical change to stop mobile carriers (or governments) from being able to know where particular mobile devices. Rather, fixing this at a technical level will require re-engineering our cell phone networks, so it might take a little longer than turning on HTTPS for tracking cookies and mobile location check-ins.</p>
<p>On whatever timescale we can make these necessary changes, technology developers should commit to the principle that <i>no</i> unique user data is ever exposed unencrypted.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_kobu6bq"><a class="footnote-label" href="#footnoteref1_kobu6bq">1.</a> Some privacy engineers use the term <i>uniqueness</i> to refer to unique properties of a device or system that aren’t already associated with a particular person, or that might not ever become associated with a person in practice. For example, if a cell phone hasn’t been purchased yet, or if a transit fare collection system had a unique ID but nobody recorded or noticed who ended up using it for travel, some people would say the systems exhibit uniqueness but not personal identifiability. But it’s so easy for a device to make the one-way trip from uniqueness into an association with a person at any moment that careful privacy engineering would treat any long-term persistent uniqueness as presumptively identifying.</li>
</ul></div></div></div>Thu, 12 Dec 2013 00:23:12 +0000schoen77973 at https://www.eff.orgTechnical AnalysisSurveillance TechnologiesCell TrackingEncrypting the WebLocational PrivacyNSA SpyingOnline Behavioral TrackingHow To Opt Out of Google's Shared Endorsementshttps://www.eff.org/deeplinks/2013/10/how-opt-out-googles-shared-endorsements
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Google recently announced an <a href="http://www.google.com/intl/en/policies/terms/changes/">update to its Terms of Service</a>, focused on displaying your profile name and photo next to advertisements and reviews. The new feature, which goes into effect on November 11, is called <a href="https://support.google.com/plus/answer/3403513?hl=en&amp;p=plus_sesetting&amp;rd=1">Shared Endorsements</a> and will allow you to share your recommendations (whether a +1 on Google Play or a restaurant rating on Google Maps) with your connections.</p>
<p>For example, if your friend searches "Indian food" and an advertisement shows up for a local restaurant you've rated, your profile picture, name, and review might show up alongside it. Many users will take issue with their likeness used to promote sponsored links without their explicit consent—<a href="http://www.theatlanticwire.com/technology/2013/08/facebook-reaches-settlement-sponsored-stories/68752/">as Facebook knows all too well</a>. Even more users rightfully have concerns with the fact that old comments posted with one online landscape in mind are now being reused in a completely different manner and placed before a completely different audience.</p>
<p>A crucial component of privacy is <a href="https://www.eff.org/deeplinks/2010/05/bill-privacy-rights-social-network-users">control</a>, and being able to control how your information is used is an important user right. Thankfully, Google has made it very simple to opt out of Shared Endorsements. Here's how:</p>
<h3>Step 1: Go To Your Settings</h3>
<p>Go to the <a href="https://plus.google.com/settings/endorsements">Shared Endorsements setting page</a>. You can find this page by going to <a href="https://plus.google.com/">Google Plus</a> and clicking <a href="https://www.google.com/settings/plus">"Settings"</a> in the toolbar on the left. Next to "Shared Endorsements," click "Edit."</p>
<p><img src="https://www.eff.org/files/2013/10/15/shared-endorsements-1.png" /></p>
<h3>Step 2: Uncheck The Box</h3>
<p>Scroll down and make sure the box is <strong>unchecked</strong>. Once it is unchecked, click "Save."</p>
<p><img src="https://www.eff.org/files/2013/10/15/shared-endorsements-2.png" /></p>
<p>That's it! If you follow these two steps, you'll have successfully opted out of Google's Shared Endorsements feature.</p>
<p>(If you have several Google accounts, or if you manage various Google Plus pages, you will need to repeat these steps for each of them.)</p>
</div></div></div>Thu, 17 Oct 2013 16:06:38 +0000Adi Kamdar76614 at https://www.eff.orgPrivacyOnline Behavioral TrackingSocial NetworksData Broker Acxiom Launches Transparency Tool, But Consumers Still Lack Controlhttps://www.eff.org/deeplinks/2013/09/data-broker-acxiom-launches-transparency-tool-consumers-lack-control
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Acxiom, a <a href="https://www.propublica.org/article/everything-we-know-about-what-data-brokers-know-about-you">data broker</a> that collects <a href="http://www.nytimes.com/2012/06/17/technology/acxiom-the-quiet-giant-of-consumer-database-marketing.html">1,500 data points per person</a> on <a href="http://www.forbes.com/sites/adamtanner/2013/06/25/finally-youll-get-to-see-the-secret-consumer-dossier-they-have-on-you/">over 700 million consumers</a> total and sells analysis of such information, is trying to ward off federal privacy regulations by flaunting transparency—a diluted term, in this case—around user data. The company just launched <a href="https://aboutthedata.com/">AboutTheData.com</a>, a site that will let users see and edit <em>some</em> information that Acxiom has about them—only "some," since Acxiom's analytics reveal far more information about you (living habits and personal preferences) that isn't readily available to you, but is sold to partner companies.</p>
<p>Everyone should be deeply concerned about data brokers. These companies are scavengers for very personal data, amassing details about everything from <a href="http://www.experian.com/marketing-services/life-event-marketing.html">"major life events"</a> (like a wedding or a baby) to your browsing history and shopping habits, and they have even begun exploring business relationships with social media giants like <a href="https://www.eff.org/deeplinks/2013/04/disconcerting-details-how-facebook-teams-data-brokers-show-you-targeted-ads">Facebook</a> and <a href="https://blog.twitter.com/2013/promoted-tweets-drive-offline-sales-for-cpg-brands">Twitter</a>. And once this data is collected, it's a small step away from government agencies and law enforcement. (There was hubbub around Acxiom and travel information, which the <a href="http://www.salon.com/2004/02/10/acxiom/">government collected</a> and <a href="http://www.eweek.com/c/a/Government-IT/Homeland-Security-Admits-Privacy-Errors-in-AntiTerror-Effort/">inadvertently shared</a>.) ACLU has an <a href="https://www.aclu.org/blog/technology-and-liberty/data-brokers-release-information-about-their-operations-response">excellent breakdown of Acxiom</a> after the company released operational details in response to a Congressional inquiry.</p>
<p>The Federal Trade Commission (FTC) has <a href="http://ftc.gov/opa/2012/12/databrokers.shtm">launched an in-depth investigation</a> into data brokers to see what information they gather and how it is used. Commissioner Julie Brill recently wrote an op-ed <a href="http://www.washingtonpost.com/opinions/demanding-transparency-from-data-brokers/2013/08/15/00609680-0382-11e3-9259-e2aafe5a5f84_story.html">demanding transparency</a> around what user data is being collected through a voluntary "Reclaim Your Name" campaign.</p>
<p>As Commissioner Brill notes, these companies "load all this data into sophisticated algorithms that spew out alarmingly personal predictions about our health, financial status, interests, sexual orientation, religious beliefs, politics and habits." These nuggets of information are subject to limited protections, leaving the door wide open for abuse. And consumers have extremely little control. Not only do we not know what information—correct or not—has been collected, but we often have limited means of opting out.</p>
<p>Of course, checking Acxiom's database requires entering personal information about yourself (name, address, birthday, Social Security number) before you can view or edit your information. This entered information, their <a href="https://aboutthedata.com/portal/privacy-policy">privacy policy</a> indicates, "may be shared within the Acxiom Corporation family of businesses" to fulfill a request. Users who are wary of entering their personal information should proceed with caution given the wording of this privacy policy, since there is no clear indication that entering your information will be used only to look up your records and will not itself be saved.</p>
<p>Being able to edit one's information is critical—aggregated misinformation by companies like Acxiom has <a href="http://www.nytimes.com/2006/10/17/us/17expunge.html?pagewanted=all">cost people jobs</a>. And users of the new site have had mixed-to-negative results. Folks are often shocked by <a href="http://www.forbes.com/sites/adamtanner/2013/09/05/bizarro-world-of-hilarious-mistakes-revealed-in-long-secret-personal-data-files-just-opened/">how mistaken</a> some of the data is about them, leading some to suggest that AboutTheData.com is simply a free, crowdsourced data cleaning service for Acxiom. Since the new site came out, some have carefully questioned <a href="http://www.salon.com/2013/08/06/data_mining_giants_misleading_boast/">if transparency is helpful in this case at all</a>.</p>
<p>Though limited, it is encouraging to see a company take this step towards transparency—there's even a clearly marked opt-out button. <a href="http://www.democraticmedia.org/acxiom%E2%80%99s-aboutthedata-fails-reflect-big-data-broker-and-privacy-realities">But this isn't enough at all</a>. And we have to remember that Acxiom is just one entity in a field of <a href="https://www.privacyrights.org/online-information-brokers-list">over 250 data brokers</a>.</p>
<p>It's too soon to tell if Acxiom's move will cause a domino effect, or whether transparency and privacy are truly points of competition. "Self-regulation" by the data broker industry leaves much up in the air—especially when highly personal information at stake. The FTC has called for information about data brokers to be amassed on one centralized site, and there's no reason for that site not to have a simple one-click opt out. Legislative efforts—especially in California—are taking steps to empower consumers. One, <a href="http://webpolicy.org/2013/09/10/do-not-track-in-california/">AB 370</a>, would update California's Online Privacy Protection Act (CalOPPA) and require websites to clearly explain to their users how they respond to <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a> signals. Another, California's <a href="https://www.eff.org/deeplinks/2013/04/new-california-right-know-act-would-let-consumers-find-out-who-has-their-personal">Right to Know Act</a>, would also allow consumers to request exactly what information companies have about them, as well as who they're sharing such data with.</p>
<p>Ultimately, we need a system with teeth that allows consumers to take fuller control of data about them.</p>
</div></div></div>Thu, 12 Sep 2013 12:50:03 +0000Adi Kamdar75530 at https://www.eff.orgPrivacyDo Not TrackMedical PrivacyOnline Behavioral TrackingSocial NetworksPinterest Commits to Respecting Do Not Trackhttps://www.eff.org/deeplinks/2013/07/pinterest-commits-respecting-do-not-track
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Earlier today, Pinterest received <a href="http://bits.blogs.nytimes.com/2013/07/26/pinterest-allows-users-to-opt-out-of-being-tracked/?_r=0">national attention</a> by announcing its new board suggestion program, which suggests Pinterest boards for users to follow based on websites they’ve visited outside of Pinterest. In rolling out this program, Pinterest took several important steps to respect the privacy of users:</p>
<ol><li><b>Pinterest has committed to respecting Do Not Track.</b> This means that when users enable Do Not Track in their browsers (see step-by-step instructions <a href="https://www.eff.org/deeplinks/2012/06/how-turn-do-not-track-your-browser">here</a>), Pinterest will “zero out” any Pinterest tracking cookies the user may have. This means it won’t be able to create a unique dossier of your online web activities in order to suggest boards for you to follow.</li>
<li><b>Pinterest offers account setting options to limit board suggestions. </b>Users of Pinterest can also ensure that their web browsing activity isn’t associated with their accounts by using privacy settings within Pinterest. To adjust your settings: click your user name in the top right and then click "Settings." Go to the setting called "Personalization" and toggle the button to "No." (Note: this feature is currently rolling out and is not yet available in all Pinterest accounts. If it's not available for you, check back in a few hours.)</li>
<li><b>Pinterest allows non-users to opt out through the help center. </b>If you are not a user of Pinterest, aren’t interested in using Do Not Track, but would still like to get avoid Pinterest collecting information about your browsing history, you can do so by <a href="https://en.help.pinterest.com/entries/24883096-How-does-Pinterest-use-data-about-other-websites-I-visit-">visiting the help center</a>. From here, you can uncheck the box next to “Allow Pinterest to personalize my experience using sites I visit.” This sets a cookie that will essentially function the way Do Not Track functions, ensuring your browsing data is not collected by Pinterest. Note: this cookie will be removed if you delete your cookies, so we don’t recommend this option.</li>
</ol><p>Of these options, <b>we strongly recommend Do Not Track</b>. It’s a simple mechanism that will help protect your browsing privacy from a range of websites, including Pinterest. And it won’t be removed just because you clear your cookies. <a href="https://www.eff.org/deeplinks/2012/06/how-turn-do-not-track-your-browser">See our guide to turning on Do Not Track</a>.</p>
<p><b>How Pinterest Board Suggestion Works – And What Opting Out Means</b></p>
<p>Pinterest receives data about sites you visit around the web that have chosen to embed the Pin It button. Visiting these sites—even if a user has never visited Pinterest before – results in the user receiving a unique tracking cookie. This cookie then communicates to Pinterest every time the user visits another website with the Pin It button, though it is not tied to your name or email address or other similar identifiers.</p>
<p>Unless you opt out, the data collected by Pinterest will paint an astonishingly intimate portrait of one’s online browsing activity. And when a user is logged in and has a Pinterest account, this browsing activity is associated with her account. Pinterest keeps this browsing data for <a href="https://en.help.pinterest.com/entries/24883096-How-does-Pinterest-use-data-about-other-websites-I-visit-">30 days</a>. (See <a href="https://help.pinterest.com/entries/24885843">Pinterest Help Center</a> or <a href="http://about.pinterest.com/privacy/">updated privacy policy</a>.)</p>
<p>Similar to the <a href="https://www.eff.org/deeplinks/2012/05/new-privacy-policy-twitter-commits-respecting-do-not-track">program</a> announced last year by Twitter, Pinterest’s new board suggestion program will use information it collects about your web browsing history through its unique tracking cookies in order to suggest boards it thinks you will find interesting. Here’s how Ka Chen, a software engineer for Pinterest, <a href="http://blog.pinterest.com/post/56525800591/making-pinterest-a-bit-more-personal">describes</a> it on the Pinterest blog:</p>
<blockquote><p>If you’re interested, we’ll also suggest personalized pins and boards based on websites you go to that have the Pin It button. So if you’re planning a party and have gone to lots of party sites recently, we’ll try to suggest boards to make your event a hit.</p></blockquote>
<p>However, whenever it receives the Do Not Track signal (DNT:1), Pinterest will “zero” its tracking cookies – removing the identifiers so they can no longer be associated with the websites you have visited in the past. While simple for a company to do, zeroing a tracking cookie is a powerful mechanism for protecting users’ web privacy. It means that a company can’t use their tracking cookies to create a detailed portrait of your online activities.</p>
<p>Do Not Track is a browser setting, but what about people who turn to the privacy settings within Pinterest to protect themselves? Pinterest seems to recognize that many users may turn to their account settings to limit data flow. Fittingly, Pinterest has created a mechanism to indicate they do not want to receive board suggestions. Choosing this setting will also have the effect of zeroing the tracking cookie. </p>
<p>We’re pleased with the steps Pinterest is taking to respect the privacy rights of individual Internet users. Notably, Twitter took a similar step last year and also publicly declared support for the Do Not Track signal. We’re impressed by these major companies establishing policies to meaningfully respect the privacy choices of their users, and glad to see they are getting the public attention they deserve. Hopefully, the decisions of Twitter and Pinterest are the vanguard of a new industry standard around respecting Do Not Track and soon this will be the default of all major websites.</p>
<p> </p>
<p> </p>
</div></div></div>Fri, 26 Jul 2013 18:05:31 +0000rainey75182 at https://www.eff.orgCommentaryPrivacyDo Not TrackOnline Behavioral TrackingSocial NetworksHow To Opt Out Of Twitter's Tailored Advertisements (And More!)https://www.eff.org/deeplinks/2013/07/how-opt-out-twitters-tailored-advertisements-and-more
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Earlier, <a href="https://www.eff.org/deeplinks/2013/07/twitter-shows-the-way-forward-with-do-not-track">we posted</a> about Twitter's new tailored advertising <a href="https://blog.twitter.com/2013/experimenting-with-new-ways-to-tailor-ads">announcement</a>. We applauded Twitter's commitment to privacy by allowing two opt-out mechanisms—both an internal setting and your browser's Do Not Track capability. To make things easier for you, here's a guide to opt out of Twitter's tailored advertisements and how best to protect yourself from online tracking.</p>
<h3>Opting out of Twitter's tailored advertisements</h3>
<p>Twitter has a simple, built-in setting for opting out of tailored advertisements. Opting out will not remove Twitter's ads altogether—which show up as Promoted Tweets and Promoted Accounts—but they will prevent Twitter from collecting external data to modify which ads you receive.</p>
<p>1. Go to your <a href="https://twitter.com/settings/account">Twitter settings</a> by clicking on the gear on the top right and choosing "Settings."</p>
<p>2. Under "Account" (the first page), there is an option called "Promoted content." Uncheck the box by "Tailor ads based on information shared by ad partners."</p>
<p></p><center><img src="https://www.eff.org/files/twitter-optout3.png" /></center>
<p>3. There is also an option called "Personalization." Uncheck "Tailor Twitter based on my recent website visits."</p>
<p></p><center><img src="https://www.eff.org/files/twitter-optout1.png" /></center>
<p>It should be that simple.</p>
<h3>Opting out using Do Not Track</h3>
<p>You can also opt out of Twitter's browser-based tailored advertisements using <a href="https://www.eff.org/issues/do-not-track">Do Not Track (DNT)</a>. Do Not Track is a signal sent from your browser to indicate just that—you do not want to be tracked. While many advertisers, companies, advocacy groups, and regulatory bodies are currently netotiating how to respond to the DNT signal, we are pleased to see Twitter respecting their users' choice by disabling targeted ads when DNT is turned on. (Note that using DNT <strong>does not</strong> opt you out of Twitter's tailored ads using hashed email data.)</p>
<p>To enable Do Not Track, <a href="https://www.eff.org/deeplinks/2012/06/how-turn-do-not-track-your-browser">follow our handy guide</a> with instructions for Safari, Internet Explorer 9, Chrome, and Firefox. (DNT is enabled by default with IE 10.)</p>
<p>If Do Not Track is enabled, under your <a href="https://twitter.com/settings/account">"Personalization" setting</a> you should see a green check mark.</p>
<p></p><center><img src="https://www.eff.org/files/twitter-optout2.png" /></center>
<h3>Other ways to limit online tracking</h3>
<p>There are a number of tools to help curb online tracking and block third-party cookies. We recommend you use a tool such as <a href="http://www.ghostery.com/">Ghostery</a> (available on Firefox, Safari, Chrome, Opera, and Internet Explorer) or Abine's <a href="https://abine.com/dntdetail.php">DoNotTrackMe</a> (available in Firefox, Safari, Chrome, and Internet Explorer).</p>
<p>You can also block third party trackers—and advertisements altogether—using AdBlock Plus with EasyPrivacy Lists enabled. For information on how to install this add-on and enable other privacy settings, check out our <a href="https://www.eff.org/deeplinks/2012/04/4-simple-changes-protect-your-privacy-online">4 Simple Changes to Stop Online Tracking</a> guide.</p>
<p>Apart from technological solutions, we recommend you take caution when giving out personal information online. Use your full name, phone number, and email address sparingly, if you can. Often times companies don't actually need this information, which could end up in the hands of a number of data brokers (or, worse, governments) down the line.</p>
</div></div></div>Wed, 03 Jul 2013 18:04:29 +0000Adi Kamdar74838 at https://www.eff.orgPrivacyDo Not TrackOnline Behavioral TrackingSocial NetworksTwitter Shows The Way Forward With Do Not Trackhttps://www.eff.org/deeplinks/2013/07/twitter-shows-the-way-forward-with-do-not-track
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Twitter <a href="https://blog.twitter.com/2013/experimenting-with-new-ways-to-tailor-ads">today announced</a> a new way of targeting advertisements for its users, including a partnership with three online tracking firms: media6degrees (m6d), Chango, and Adara. This new system will display ads based on your behavior and reading habits, which show up as "Promoted Tweets" or "Promoted Accounts." This is typical of the direction that major online companies are moving. But Twitter has made some praiseworthy design decisions:</p>
<p><strong>1. Twitter will honor your browser's Do Not Track setting by treating it as a "do not collect" signal.</strong> In other words, when <a href="https://www.eff.org/deeplinks/2012/06/how-turn-do-not-track-your-browser">Do Not Track is enabled</a>, Twitter will not collect your browsing information in order to show targeted ads on Twitter.</p>
<p><strong>2. Twitter is incorporating a setting to completely opt out of targeted ads.</strong> Available in your <a href="https://twitter.com/settings/account">account settings</a>, this prevents Twitter from collecting information about you, such as your browsing habits through advertising firms <em>as well as</em> encrypted email addresses from partners. (This does not opt you out of all advertising on Twitter.)</p>
<p>We think Twitter is setting an important example for the Internet: It is possible to exist in an ecosystem of tailored advertisements and online tracking while also giving users an easy and meaningful opt-out choice. This is in stark contrast to many other advertising and tracking firms, who continue to argue that <a href="https://www.eff.org/deeplinks/2013/05/how-weak-current-dnt-proposal">"do not track" should mean "pretend not to track."</a> Consumer privacy is an issue of control and transparency; you may be perfectly fine with targeted ads, but you should have the ability to know what information companies have about you and the option of saying no. More and more online companies—many of which already have millions of active users—are turning to third parties to manage their advertising schemes. We believe they should follow Twitter's lead in empowering their users and respecting their use of the Do Not Track setting.</p>
<p>Twitter is also linking to <a href="https://support.twitter.com/articles/20170407-faqs-about-tailored-ads-and-your-privacy-controls">each advertising firm's opt-out pages</a>. To make things a bit easier for you, here are the opt-out pages for <a href="http://m6d.com/wp-content/themes/m6d/optout_.php">m6d</a> (clicking this link will automatically opt you out), <a href="http://www.chango.com/privacy/opt-out/">Chango</a>, and <a href="http://www.adaramedia.com/opt-out.php">Adara</a>. These companies use cookie-based opt-outs, however, which means they will install an opt-out cookie onto your browser. By practicing good privacy hygiene and clearing your cookies, you will unfortunately be losing the record of your opt-out to these ad targeting services. Opting out also <em>does not mean</em> that your data is removed from these companies' databases; it simply means that they will stop tracking you if your browser has their opt-out cookie. In the future, we hope that Twitter will be using its leverage with these partners to ensure that they, like Twitter, avoid tracking people who have explicitly denied consent to be tracked.</p>
<h3>How Twitter's ad targeting works</h3>
<p>Twitter's ad targeting program is very similar to Facebook's targeting that <a href="https://www.eff.org/deeplinks/2013/04/disconcerting-details-how-facebook-teams-data-brokers-show-you-targeted-ads">we profiled earlier this year</a>, in that it uses two methods: cookie matching and hashed email matching. Unlike Facebook's, however, Twitter has architected their program to comply with the Do Not Track setting and to make it easier to opt out.</p>
<p><strong>Cookie matching:</strong> When you visit a website that has an agreement with one of the three advertising firms that are part of Twitter's pilot program, you are sending data via a browser cookie to these firms' databases. The firms use this browsing history—for example, if you recently visited an online clothing store—to create specific advertising profiles for you. Remember: these firms collect such information about you even if you aren't logged into Twitter.</p>
<p>The m6d, Chango, and Adara tracking cookies will be used to predict interests based on sites you've recently visited, and make shopping predictions or otherwise develop targeting criteria. The ad targeting companies communicate the relevant browser cookie ID to Twitter, which will be used to place you in a bin to receive advertisements "tailored" for that user. In return, Twitter reports in aggregate how many impressions and clicks these ads received.</p>
<p><strong>Hashed email matching:</strong> If you are a subscriber to a website's mailing list—for example, the online clothing store's weekly newsletter—<a href="https://en.wikipedia.org/wiki/Cryptographic_hash_function">cryptographic hashes</a> of your email address might be sent to Twitter. If this hash matches Twitter's own hash of your email, Twitter will know to include you in the website's advertisement program (for example, a promoted tweet about the latest deal on those new summer shirts).</p>
<h3>How to opt out</h3>
<p>Though the opt-out process may be simple, there are a few extra steps you can take to help protect yourself against unwanted online trackers. For more, check out <a href="https://www.eff.org/deeplinks/2013/07/how-opt-out-twitters-tailored-advertisements">our guide on how to opt out of Twitter's tailored advertisements (and more!)</a>.</p>
<p>Once again, we commend Twitter for making this process as simple as possible for its users and for respecting the Do Not Track browser setting. Twitter has shown a commitment to supporting user privacy (including being one of two companies to <a href="https://www.eff.org/who-has-your-back-2013">receive all six stars</a> in our Who Has Your Back report), and we encourage more companies to follow their lead.</p>
</div></div></div>Wed, 03 Jul 2013 17:52:10 +0000Adi Kamdar74845 at https://www.eff.orgPrivacyDo Not TrackOnline Behavioral TrackingSocial Networks Do Not Track Update: From Congressional Hearings to Uproar Over Microsoft’s "Default" Settings, the Fight for User Privacy Continueshttps://www.eff.org/deeplinks/2012/09/do-not-track-update-congressional-hearings-uproar-over-microsofts-default
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>This is part one of a two part series on current updates in Do Not Track. Part two will explore issues around default settings in more depth.<br /></em></p>
<p>As summer wanes, EFF and other digital rights advocates are continuing to fight for <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a>, a one-click browser-based signal users can turn on to tell websites not to track their online browsing habits. In this article, we’ll be reviewing recent Congressional hearings about online tracking and discussing a Do Not Track proposal being promoted by EFF, Stanford, and Mozilla.</p>
<h3>Congress Hears from Privacy Experts</h3>
<p>In June, the House Subcommittee on Intellectual Property, Competition and the Internet <a href="http://judiciary.house.gov/hearings/Hearings%202012/hear_06192012.html">held a hearing</a> on how the technology industry can implement privacy protections that inform and protect consumers. New York Law School Prof. James Grimmelmann discussed Do Not Track and <a href="http://judiciary.house.gov/hearings/Hearings%202012/Grimmelmann%2006192012.pdf">articulated</a> (PDF) three principles that are necessary to achieve genuine consumer choice:</p>
<ul><li>Usability—privacy interfaces must be clear and clearly disclosed.</li>
<li>Reliability—a consumer who has expressed a choice is entitled to expect that it will be honored.</li>
<li>Innovation for privacy—a privacy policy should encourage the development of these technologies, and protect them from interference. </li>
</ul><p>Later in June, the Senate Commerce Committee <a href="https://www.eff.org/deeplinks/2012/06/Senate-Commerce-Committee-Considers-Do-Not-Track-Online-Tracking-Thursday">heard testimony</a> from Ohio State University Law School Prof. Peter Swire. Swire was critical of current online behavioral advertising industry self-regulation, noting that while “the 2011 DAA [Digital Advertising Alliance] principles have a section called ‘Limitations on the Collection of Multi-Site Data'….As drafted, it is difficult to see what limitations on collection could be enforced given the breadth of the exceptions.” Read Swire's <a href="http://commerce.senate.gov/public/?a=Files.Serve&amp;File_id=4c73aa3c-5626-42d6-b6fe-31e3ec6ad1ca">testimony</a> (PDF).</p>
<p>If nothing else, this testimony ensures that lawmakers are hearing from privacy advocates about the problem with today’s ecosystem of pervasive online tracking.</p>
<h3>World Wide Web Consortium Works to Achieve Consensus on Do Not Track Standards—Especially When It Comes to Browser Defaults</h3>
<p>Meanwhile, work in the World Wide Web Consortium (W3C) <a href="http://www.w3.org/2011/tracking-protection/">Tracking Protection Working Group</a> (TPWG) continues. The W3C is a multi-stakeholder group of academics, thought leaders, companies, industry groups, and advocacy organizations like EFF (as an invited expert) working to create voluntary standards for the web. The TPWG charter, which would have expired by now, was extended another six months at the beginning of August.</p>
<p>Earlier this year, EFF, Mozilla, and Stanford’s Jonathan Mayer offered a compromise proposal that concedes to the online behavioral advertising industry a narrow scope of effect for DNT—mainly affecting “third parties” that consumers <a href="https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks">generally don’t know about</a> —while subjecting such third parties to significant data collection restrictions. Our proposal would limit companies’ ability to collect a user’s browsing or reading history; companies could collect protocol data (like IP address and HTTP referrer) for a reasonable time, if they did not use <a href="https://www.eff.org/deeplinks/2012/04/will-industry-agree-meaningful-do-not-track">unique ID cookies or their equivalents</a>. Our proposal also conceded, however, that companies could collect and retain significantly more data for security purposes.</p>
<p>We’ve been talking to companies and trade associations about how to implement these kinds of changes technically. Mayer has done much work in this area, with a <a href="https://air.mozilla.org/tracking-not-required">video presentation</a>, as well as analysis of <a href="http://33bits.org/2012/06/11/tracking-not-required-behavioral-targeting/">targeting without tracking</a>, <a href="http://webpolicy.org/2012/04/23/tracking-not-required-frequency-capping/">frequency capping</a>, and <a href="http://webpolicy.org/2012/07/24/tracking-not-required-advertising-measurement/">advertising measurement</a>.</p>
<p>At a non-technical policy level, the online advertising industry has suggested that companies may be able to meaningfully tighten the scope of permitted uses for online behavioral data and the amount of time that data would be kept or retained. While these would be good steps for privacy, we believe more needs to be done at a <a href="http://cyberlaw.stanford.edu/blog/2012/08/trouble-id-cookies-why-do-not-track-must-mean-do-not-collect">technical level</a>. We’re encouraged that there’s been some <a href="https://techatftc.wordpress.com/2012/07/03/privacy-by-design-frequency-capping/#comment-149">industry response</a> on these technical issues.</p>
<p>These issues aren’t easy. Entire business models in the online advertising industry are built on the assumption that data about users’ online activities will be easily available. And of course the overall advertising ecosystem <a href="http://cyberlaw.stanford.edu/blog/2010/12/do-not-track-isnt-just-about-behavioral-advertising">isn’t monolithic</a>. “First parties” range from large social networks and search engines to news and blogging sites, and they can also have significant ability to observe users’ behavior on many different sites, e.g. social widgets like a Facebook “like” button. Third-party tracking entities can be large or small, while their economic incentives and financial and technical resources may differ significantly.</p>
<p>The compromise offered by Mozilla, Stanford, and EFF attempts to thread a difficult needle, balancing users’ need for privacy and industry interests in providing advertisements and protecting against security threats. We think it achieves the three principles outlined by Prof. Grimmelman in his testimony to Congress—namely, that is <em>usable</em> (users can set it in the browser with just a couple clicks), <em>reliable</em> (once the Do Not Track standard is set, there will be a recognized understanding of how websites should respond when they receive the Do Not Track signal) and allows for <em>privacy innovation</em>. This third part is essential—the Do Not Track standard we are working to create is one that allows for many new, privacy-protecting business models to flourish. As researchers Jonathan Mayer and Arvind Narayanan articulated in a <a href="http://cyberlaw.stanford.edu/blog/2012/08/trouble-id-cookies-why-do-not-track-must-mean-do-not-collect">recent blog</a>, "A rigid use-based approach could lock in current advertising business practices, stifling innovation, or motivate some companies to bend the rules and justify tracking for an ever-expanding set of uses." The compromise agreement on Do Not Track, which limits data collection by third parties but doesn’t tell advertisers what types of ads they can show or limit new forms of future advertising models, provides a framework that’s good for innovation and privacy.</p>
</div></div></div>Thu, 20 Sep 2012 22:00:27 +0000rainey71882 at https://www.eff.orgCommentaryPrivacyDo Not TrackOnline Behavioral TrackingAd Biz Claims It Must Disregard User Privacy Choices to Safeguard "Cybersecurity"https://www.eff.org/deeplinks/2012/06/ad-biz-claims-it-must-disregard-user-privacy-choices-safeguard-cybersecurity
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><h3>Senator Rockefeller dismisses "cybersecurity" claims as "red herring"</h3>
<p>At a hearing yesterday, the Senate Commerce Committee took up the issue of online tracking, the browser-based <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a> flag, and, in an unlikely turn of events, cybersecurity. The hearing included <a href="http://commerce.senate.gov/public/index.cfm?p=Hearings&amp;ContentRecord_id=aa018084-ceea-472c-af63-97d7f44fac80">testimony</a> from Ohio State University Law School’s Prof. Peter Swire, Mozilla’s Alex Fowler, the Association of National Advertisers’ Bob Liodice, and TechFreedom’s Berin Szoka. While there were a number of heated moments in the hearing, the most surprising was the advertising industry’s claim that respecting consumer choice will harm "cybersecurity." This new argument from the advertising industry only raises more concerns for the civil liberties implications of online tracking and was, as Rockefeller aptly noted, little more than a "red herring."</p>
<p><i>Quick Recap: What’s Do Not Track and What’s at Stake</i></p>
<p>Do Not Track is a signal that users can set in their browsers to tell websites they don’t want their online web browsing tracked by companies with whom they have no relationship. Momentum for Do Not Track has been building over several years, inspired in part by high-profile privacy scandals as well as a <a href="http://online.wsj.com/public/page/what-they-know-digital-privacy.html">comprehensive expose series</a> by the Wall Street Journal showing that the nation's 50 top websites on average installed <a href="http://online.wsj.com/article/SB10001424052748703940904575395073512989404.html">64 pieces of tracking technology</a> onto the computers of visitors, usually with no warning. Do Not Track has been <a href="https://www.eff.org/deeplinks/2010/12/ftcs-privacy-report-calls-attention-privacy">endorsed by the FTC</a> and is the cornerstone of <a href="http://www.washingtonpost.com/blogs/post-tech/post/sen-rockefeller-introduces-do-not-track-bill-for-internet/2011/05/09/AF0ymjaG_blog.html">legislation</a> proposed by Senator Rockefeller.</p>
<p>The Digital Advertising Alliance (DAA), an advertising industry consortium, has adopted principles for online data collection that <a href="https://www.eff.org/deeplinks/2011/11/daa-self-regulation-principles-fall-far-short-do-not-track">fall far short</a> of Do Not Track. According to Prof. Swire’s written testimony, the exceptions in the 2011 DAA principles "are so open-ended that I have not been able to discern any limits on collection under them." For example, he notes that the "market research" exemption includes "research about consumers," which "would seem to include keeping track of every click made by a consumer."</p>
<p><i>Senate hearing: industry argues tracking necessary for cybersecurity</i></p>
<p>The issue of cybersecurity arose when the advertising industry’s Bob Liodice struggled under questioning from Senator Rockefeller. Abandoning the meme that the advertising industry was adequately self-regulating to assuage the privacy concerns of users, Liodice switched tactics and began to argue that widespread data collection about our everyday Internet browsing habits was necessary for cybersecurity. When asked whether this included issues such as online sexual predators and identity theft, Liodice agreed.</p>
<p>Frankly, we’re puzzled by the purported connection between online behavioral tracking for advertising industry purposes and online sexual predators or ID theft. But Liodice’s argument raises a larger point. As a society, we’re currently grappling with the role we want our online service providers to play in policing our Internet activity. Whether it’s efforts to turn <a href="https://www.eff.org/issues/coica-internet-censorship-and-copyright-bill">registrars into copyright police</a>, asking ISPs to <a href="https://www.eff.org/deeplinks/2012/02/how-internet-companies-would-be-forced-spy-you-under-hr-1981">collect data</a> on Internet users not accused of any crime, or letting companies <a href="https://www.eff.org/issues/cyber-security-legislation">share sensitive data with the government without a warrant</a>, the digital age has raised a plethora of questions about the role of intermediaries working with the government. In yesterday’s Senate hearing, we heard the advertising industry admit that their near-ubiquitous online tracking program is being used for issues that are the purview of law enforcement. That raises a host of questions all on its own, but one thing is certain: with these statements we have even more reason to stand up for a surveillance-free Internet.</p>
<p>Senator Rockefeller was skeptical about the advertising industry’s claims that they needed to engage in pervasive online tracking for cybersecurity purposes. In response to Liodice’s pronouncement, he stated: “I just want to declare the whole cybersecurity matter a total red herring.” We certainly agree that strong cybersecurity does not necessitate surveillance of our online browsing habits by unaccountable third parties. And it’s also important to note that the <a href="http://lists.w3.org/Archives/Public/public-tracking/2012Jun/att-0095/compromise-proposal-pde-tl-jm.html">DNT compromise proposal</a> that EFF, Stanford, and Mozilla submitted to the W3C creates a special exception for security and click-fraud.</p>
<p>At the end of they day, strong cybersecurity is not antithetical to online privacy. In an <a href="https://www.eff.org/deeplinks/2012/04/open-letter-academics-and-engineers-us-congress">open letter</a> to Congress, prominent academics, experienced engineers, and cybersecurity professionals stated this unequivocally:</p>
<blockquote><p>We take security very seriously, but we fervently believe that strong computer and network security does not require Internet users to sacrifice their privacy and civil liberties</p></blockquote>
<p>If you’re worried about Congress’s attempts to undermine our online privacy through misguided cybersecurity programs, please send them an <a href="https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8444">email through our action center</a> asking them to safeguard our online privacy in the cybersecurity debates. Also check out the <a href="https://twitter.com/efflive">@EFFLive</a> Twitter account for more coverage of yesterday’s hearing and our <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a> page to read more about online tracking. If you haven’t done so already, here’s a <a href="https://www.eff.org/deeplinks/2012/06/how-turn-do-not-track-your-browser">quick guide</a> to turning on Do Not Track.</p>
</div></div></div>Fri, 29 Jun 2012 16:14:47 +0000rainey71104 at https://www.eff.orgCommentaryPrivacyDo Not TrackOnline Behavioral TrackingSenate Commerce Committee Considers Do Not Track & Online Tracking Thursdayhttps://www.eff.org/deeplinks/2012/06/Senate-Commerce-Committee-Considers-Do-Not-Track-Online-Tracking-Thursday
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><h3>Follow Thursday's Senate Hearing on Do Not Track Through the <a href="https://twitter.com/#%21/EFFLive">EFFLive Twitter Account</a></h3>
<p class="MsoNormal"><a href="https://www.eff.org/issues/do-not-track">Do Not Track</a> (DNT) will be in the news yet again this week. In the wake of Microsoft's <a href="http://money.cnn.com/2012/06/01/technology/internet-explorer-do-not-track/index.htm">decision</a> to ship Internet Explorer 10 with Do Not Track on (DNT-1) by default and following face-to-face negotiations last week in Bellevue, Washington, the Senate Commerce Committee will take up Do Not Track at a <a href="http://commerce.senate.gov/public/index.cfm?p=Hearings&amp;ContentRecord_id=aa018084-ceea-472c-af63-97d7f44fac80">hearing</a> on Thursday at 10 am EST.</p>
<p class="MsoNormal">Do Not Track <span>sends a simple signal that tells websites that a user doesn’t want to be tracked and served ads based on the data gathered from tracking. </span>In a <a href="https://encrypted.google.com/url?sa=t&amp;rct=j&amp;q=eff.org%20do%20not%20track&amp;source=web&amp;cd=2&amp;ved=0CFMQFjAB&amp;url=https%3A%2F%2Fwww.eff.org%2Fdeeplinks%2F2012%2F06%2Fhow-turn-do-not-track-your-browser&amp;ei=FMfqT6iUKu2A2QXY4sGkAQ&amp;usg=AFQjCNF73oxaOzmXCqxzV_8ucffkcn9WfA&amp;sig2=mpNMBAIoYNJUUySFscdsAg&amp;cad=rja">previous post</a>, we've shown how users can turn the signal on in their browser settings. Currently, the W3C's <a href="http://www.w3.org/2011/tracking-protection">Tracking Protection Working Group</a>—of which EFF is an invited expert—is working on how to define standards for companies to respect the Do Not Track signal.</p>
<h4><b>The DAA wants Do Not Track to mean "Pretend Not To Track"</b></h4>
<p class="MsoNormal">Since Do Not Track is not yet a finalized standard, the current standard in place is a list of "<a href="https://www.eff.org/deeplinks/2011/11/daa-self-regulation-principles-fall-far-short-do-not-track">principles</a>" created by the Digital Advertising Alliance, <span class="st"><span>the latest self-regulatory organization for online behavioral advertising</span></span>. Unfortunately, the "principles" are very weak at protecting users who turn on Do Not Track. If you connect to a first party website like ESPN.com, affiliated companies like Disney.com (ESPN's parent company is The Walt Disney Company), and completely unrelated <span><a href="https://www.eff.org/deeplinks/2012/03/ftc-final-privacy-report-draws-map-meaningful-privacy-protection-online-world#databroker">data brokers</a></span>, are still able to obtain large amounts of data about you and your viewing habits. Such low standards would not offer protection against <a href="https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks">non-consensual collection</a> of people's reading habits or against companies like Google that have been caught <a href="https://www.eff.org/deeplinks/2012/02/time-make-amends-google-circumvents-privacy-settings-safari-users">circumventing</a> the privacy settings of users. In fact, the DAA principles would be more accurately titled "Do Not Target," or "Pretend Not To Track," than "Do Not Track."</p>
<p class="MsoNormal">EFF is adamant about creating a Do Not Track standard that favors user choice and protects user privacy. This is even more important when users are clear that they dislike online behavioral advertising. A <a href="https://www.eff.org/deeplinks/2012/04/some-companies-choose-do-not-target-over-do-not-track-what-are-user-attitudes">wide variety of studies</a> confirm this fact, with the most recent being a Pew study that found 68% of users <span>were "not okay" with having their "online behavior tracked and analyzed."</span></p>
<p class="MsoNormal">This week's hearing will look at the self-regulatory regime and follow up on advertisers' pledge to the FTC about not collecting users' personal information when using Do Not Track. It will also look at the current state of self-regulation, how it's working, and how advertisers can do a better job at protecting user privacy while also providing them with online advertising. The hearing will take place at 10 am EST and we'll be live tweeting it on our <a href="https://twitter.com/efflive">@EFFLive</a> account. See you there!</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
</div></div></div>Wed, 27 Jun 2012 20:23:56 +0000rainey71099 at https://www.eff.orgAnnouncementPrivacyDo Not TrackOnline Behavioral TrackingHow to Turn on Do Not Track in Your Browserhttps://www.eff.org/deeplinks/2012/06/how-turn-do-not-track-your-browser
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In recent years, online tracking companies have begun to monitor our clicks, searches and reading habits as we move around the Internet. If you are concerned about pervasive online web tracking by behavioral advertisers, then you may want to enable Do Not Track on your web browser. Do Not Track is unique in that it combines both technology (a signal transmitted from a user) as well as a policy framework for how companies that receive the signal should respond. As more and more websites <a href="https://www.eff.org/deeplinks/2012/05/new-privacy-policy-twitter-commits-respecting-do-not-track">respect</a> the Do Not Track signal from your browser, it becomes a more effective tool for protecting your privacy. EFF is working with privacy advocates and industry representatives through the W3C <a href="http://www.w3.org/2011/tracking-protection/">Tracking Protection Working Group</a> to define standards for how websites that receive the Do Not Track signal ought to response in order to best respect consumer's choices. </p>
<p>The following tutorial walks you through the enabling Do Not Track in the four most popular browsers: Safari, Internet Explorer 9, Firefox, and Chrome.</p>
<h3>Safari</h3>
<p>On the menu bar at the top of your screen, click on <i>Preferences</i>.</p>
<p>Select the Advanced preferences panel, shown in the screenshot below.</p>
<p><img src="https://www.eff.org/files/images_insert/Safari%20step%202.png" alt="" title="" height="326" width="645" /></p>
<p>Check the box at the bottom of the menu labeled "Show Develop menu in menu bar."</p>
<p>On the menu bar at the top of your screen, click on <i>Develop,</i> shown in the screenshot below.</p>
<p><img src="https://www.eff.org/files/images_insert/Safari%20step%203.png" alt="" title="" height="366" width="645" /></p>
<p>Click on "Send Do Not Track HTTP Header."</p>
<p>Congratulations. You have enabled Do Not Track on your Safari browser.</p>
<h3>Internet Explorer 9</h3>
<p>On the menu bar at the top of your screen, click the <i>Tools</i> button, which is shaped like a gear.</p>
<p>Point to <i>Safety</i>, and then click <i>Tracking Protection</i>, shown in the screenshot below.</p>
<p><img src="https://www.eff.org/files/images_insert/Screen%20Shot%202012-06-14%20at%201.28.08%20AM.png" alt="" title="" height="429" width="645" /></p>
<p>Go to the Manage Add-on dialog box, shown in the screenshot below.</p>
<p><img src="https://www.eff.org/files/images_insert/Screen%20Shot%202012-06-14%20at%201.29.41%20AM.png" alt="" title="" height="462" width="645" /></p>
<p>Click <i>Tracking Protection List</i>, and then click the Enable button in the lower right-hand corner of the box, shown in the screenshot below.</p>
<p><img src="https://www.eff.org/files/images_insert/Screen%20Shot%202012-06-14%20at%201.31.03%20AM.png" alt="" title="" height="460" width="645" /></p>
<p>Congratulations. You have enabled Do Not Track on your Microsoft Internet Explorer 9 browser.</p>
<h3>Firefox</h3>
<p>On the menu bar at the top of your screen, click on <i>Preferences</i>.</p>
<p>Select the <i>Privacy</i> tab, shown in the screenshot below.</p>
<p><img src="https://www.eff.org/files/images_insert/Firefox%20step%202.png" alt="" title="" height="595" width="616" /></p>
<p>At the top of this menu, check the box labeled "Tell websites I do not want to be tracked."</p>
<p>Congratulations. You have enabled Do Not Track on your Firefox browser.</p>
<h3>Google Chrome</h3>
<p>To enable Do Not Track in Chrome, you will need to install the Do Not Track browser extension.</p>
<p>On the menu bar at the top of your screen, click on <i>Window</i>.</p>
<p>In the Window menu, click on <i>Extensions</i>.</p>
<p>Chrome will display a control panel which shows all of the extensions you have installed on your browser, shown in the screenshot below.</p>
<p><img src="https://www.eff.org/files/images_insert/Screen%20Shot%202012-06-13%20at%205.54.27%20PM_0.png" alt="" title="" height="447" width="645" /></p>
<p>If you do not have any extension installed, click the <i>Browse the gallery</i>, shown above. If you have extensions installed already, scroll to the bottom of the control panel and click the <i>Get more extensions</i> link. These links will take you to the Chrome Web Store, shown in the screenshot below.</p>
<p>In the search box in the upper left hand corner, type "Do not track."</p>
<p><img src="https://www.eff.org/files/images_insert/Screen%20Shot%202012-06-13%20at%205.55.56%20PM.png" alt="" title="" height="447" width="645" /></p>
<p>Select the Do Not Track extension. EFF recommends the extension written by Jonathan Mayer and click "Add to Chrome."</p>
<p>In the drop down menu, shown in the screenshot below, click "Add."</p>
<p><img src="https://www.eff.org/files/images_insert/Screen%20Shot%202012-06-13%20at%205.56.33%20PM.png" alt="" title="" height="447" width="645" /></p>
<p>Congratulations. You have installed the Do Not Track extension on your Chrome browser.</p>
</div></div></div>Thu, 14 Jun 2012 08:32:13 +0000eva70925 at https://www.eff.orgTechnical AnalysisPrivacyDo Not TrackOnline Behavioral TrackingWill Industry Agree to a Meaningful Do Not Track?https://www.eff.org/deeplinks/2012/04/will-industry-agree-meaningful-do-not-track
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The fifth W3C meeting on Do Not Track was held in Washington DC last week. While progress has been made on many aspects of the standard for <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a>, several deep disagreements remain between privacy advocates and representatives of the online tracking industry.</p>
<p>Most seriously, ad industry representatives maintain that they need to be allowed to continue setting <a href="https://en.wikipedia.org/wiki/HTTP_Cookie">third-party tracking cookies</a> on browsers that send the Do Not Track HTTP header. This coalition of companies say they "only" want to track opted-out users for security purposes, market research, testing and improving their various advertising and tracking products, auditing, copyright enforcement and other "legal compliance" purposes, and "frequency capping" in order to manage online advertising campaigns — but not any other purposes.</p>
<p>Privacy advocates have offered to make enormous concessions in order to make Do Not Track adoption practical for Internet advertisers. Most extremely, this could allow companies to retain IP addresses and User Agents for short periods — and for a number of months in order to defend against <a href="https://en.wikipedia.org/wiki/Click_fraud">clickfraud</a>, "impression fraud," and security attacks, provided it is kept separate from other data.<a class="see-footnote" id="footnoteref1_g5hryqm" title="These practices are already used by some ad companies, but many others lag behind." href="#footnote1_g5hryqm">1</a></p>
<p>Despite these extreme concessions, most of the third-party tracking companies in the W3C process have demanded the right to keep setting unique ID cookies and using them for almost any purpose. Unless this situation changes, the W3C will be unable to set a policy standard for "Do Not Track" that actually offers any meaningful privacy for Internet users' reading habits.</p>
<p>In short, industry is trying to twist "Do Not Track" around so that it only means "Do Not Target". If things turn out that way, Internet users who do not want their online reading habits recorded by <a href="/deeplinks/2009/09/online-trackers-and-social-networks">invisible tracking companies</a> will have only one choice: use ad blocking tools to stop online tracking code themselves. In order for this to work, they will have to block a huge portion of the advertising on the Web, too.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_g5hryqm"><a class="footnote-label" href="#footnoteref1_g5hryqm">1.</a> These practices are already used by some ad companies, but many others lag behind.</li>
</ul></div></div></div>Mon, 16 Apr 2012 21:40:44 +0000pde70446 at https://www.eff.orgPolicy AnalysisPrivacyDo Not TrackOnline Behavioral TrackingAs Some Companies Choose "Do Not Target" Over "Do Not Track," What Are User Attitudes?https://www.eff.org/deeplinks/2012/04/some-companies-choose-do-not-target-over-do-not-track-what-are-user-attitudes
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal"><span><a href="https://www.eff.org/issues/do-not-track">Do Not Track</a> continues its surge of momentum in the past few months. As we document in <i><a href="https://www.eff.org/deeplinks/2012/04/april-2012-state-do-not-track-lead-tracking-protecting-working-group-negotiations">The State of Do Not Track</a></i>, a number of stakeholders are recognizing the importance of user control over whether or not an online company can track users and how much information, if any, the company can collect. Noticeably absent from the conversation are hard numbers on users' attitudes towards online behavioral advertising, or "targeted advertising." </span></p>
<p class="MsoNormal"><span>Advertisers and media companies routinely dismiss privacy concerns when it comes to online advertising. At the Fortune Brainstorm Tech conference in 2009, Disney CEO Robert Iger <a href="https://www.youtube.com/watch?v=6DNYeeqBnos">stated</a>: "When you hear arguments about privacy, they tend to come from older people." Referring to how his daughters use the Internet, he continued, "When I talk to them about online privacy, they don't know what I'm talking about." Often, such statements are viewed as the norm in advertising circles. Just last week, Mike Zaneis, General Counsel of the Individual Advertising Bureau, a consortium of online advertisers, <a href="http://thehill.com/blogs/hillicon-valley/technology/219341-government-and-advertisers-have-different-ideas-of-do-not-track">discussed</a> how users "don't have the same level of concern" after they understand how targeted advertising works. Despite these assertions, there is a consistent trend showing users’ negative attitudes towards targeted advertising—even when they understand what information companies collect.</span></p>
<p class="MsoNormal"><span>In 2009, </span><span>academics from UC Berkeley and the University of Pennsylvania </span><span><a target="_self" href="https://www.eff.org/files/Turow%20King%20Hoofnagle%202010_0.pdf">asked</a> (PDF) over 1,000 respondents about "tailored" (targeted) advertising. When asked about tailored ads, 66% of respondents said they would not want websites to show them ads based on their interests. Next, respondents were asked whether they wanted tailored advertising based on actions they took on the website they visited. Overall, 75% of respondents said they did not want tailored ads served to them in this manner. Breaking it out by age group, 67% of respondents between 18-24, and 82% of respondents between 50-64 did not want tailored ads served to them this way. Researchers then asked whether respondents would want tailored ads based on their activity on "other websites." The result: 86% of 18-24 year olds and 91% of 50-64 year olds said they "definitely" do not want tailored ads served to them this way. </span><span>In a follow up study expanding on the data from 2009, the researchers also found that 68% of respondents believed "there should be a law that gives people the right to know everything that a website knows about them.” </span><span></span></p>
<p class="MsoNormal"><span>The results were reiterated in a <a target="_self" href="https://www.eff.org/files/USA%20Today%3AGallup%20Poll%20Dec_21_2010_0.pdf">December 2010 USA Today/Gallup poll</a> (PDF). In this survey, respondents were informed that websites were able to "match advertisements" to specific user interests by collecting what websites a user visited. 67% of respondents answered no when asked whether "advertisers should or should not be allowed to do this."<br /></span></p>
<p class="MsoNormal"><span>The Gallup poll also tackled industry claims about how targeted advertising helps lower the cost of Internet services. <span></span>Gallup asked </span><span>users if methods to gather information for targeted ads were "justified because they keep costs down so users can visit websites for free." The result? 61% of respondents said no. </span><span></span></p>
<p class="MsoNormal"><span>Negative attitudes toward targeted advertising continued through 2011. In conjunction with Harris Interactive, TRUSTe, an online privacy firm, conducted a <a target="_self" href="https://www.eff.org/files/TRUSTe-2011-Consumer-Behavioral-Advertising-Survey-Results.pdf">survey</a> (PDF) in July 2011 about online behavioral advertising. After describing online behavioral advertising neutrally, TRUSTe found that 54% of respondents stated they "do not like" online behavioral tracking and 85% of respondents said they would not consent to tracking for ad targeting. <span> </span>When respondents were asked about tracking their online behavior for websites to improve content: 78% said they would not consent to tracking for such purposes. </span></p>
<p class="MsoNormal"><span>In "</span><span><a target="_self" href="https://www.eff.org/files/Willis%20and%20Zeljkovic.pdf">A Personalized Approach to Web Privacy—Awareness, Attitudes and Actions</a>," (PDF) </span><span>users were informed about what type of information websites were able to collect. In the study, respondents were shown a list of websites they visited that were obtained by tracking cookies on their computers. 63% of users said they were "concerned by the level of monitoring."<br /></span></p>
<p class="MsoNormal"><span>Pew's Internet and American Life project released the most <a target="_self" href="https://www.eff.org/files/Pew%202012_0.pdf">recent poll</a> (PDF) on user attitudes in February 2012 and further confirmed the continuing trend of users’ negative attitudes towards online behavioral tracking. The report concluded: "a majority of every demographic group says they are not okay with targeted online advertising." Pew found that 68%—roughly two-thirds—answered they were "not okay with it because I don't like having my online behavior tracked and analyzed." When you break out the question by age, almost six-in-ten (59%) people between the age of 18 and 29, and almost eight-in-ten people between the ages of 50 and 64 (78%) disapproved of the practice.</span></p>
<p class="MsoNormal"><span>The trend of user positions on online behavioral advertising is clear, but even as companies <a href="https://www.eff.org/deeplinks/2012/04/april-2012-state-do-not-track-lead-tracking-protecting-working-group-negotiations#yahoo">continue advertising their support</a> for Do Not Track, some of them are still collecting data when users send the Do Not Track <a href="https://secure.wikimedia.org/wikipedia/en/wiki/List_of_HTTP_header_fields">header</a>. No means no. And when user attitudes are clear on such issues there is an even greater imperative for companies to respect users’ wishes.</span></p>
</div></div></div>Tue, 10 Apr 2012 14:38:04 +0000jaycox70210 at https://www.eff.orgNews RoundupPrivacyDo Not TrackOnline Behavioral TrackingWhite House, Google, and Other Advertising Companies Commit to Supporting Do Not Trackhttps://www.eff.org/deeplinks/2012/02/white-house-google-and-other-advertising-companies-commit-supporting-do-not-track
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>When Stanford researcher Jonathan Mayer uncovered a Google workaround to circumvent the default privacy settings on Safari, EFF <a href="https://www.eff.org/deeplinks/2012/02/time-make-amends-google-circumvents-privacy-settings-safari-users">called on Google</a> to change their tune on privacy by respecting the Do Not Track flag and building it into the Chrome browser. We specifically praised the World Wide Web Consortium (W3C) multi-stakeholder process, which for a year has been convening consumer advocates, Internet companies, and technologists to craft how companies that receive the Do Not Track signal should respond. Today, in conjunction with the White House’s new publication <a href="http://www.whitehouse.gov/sites/default/files/email-files/privacy_white_paper.pdf">Consumer Data Privacy in a Networked World</a> (PDF), the Digital Advertising Alliance (DAA) <a href="http://www.aboutads.info/resource/download/DAA_Committment.pdf">announced</a> (PDF) that it will embrace Do Not Track. (The DAA is the latest self-regulatory organization for online advertising companies.) This is a big step in the right direction for securing user privacy rights in the digital environment, but we’ve still got a long way to go. And, unfortunately, it looks like online advertisers are already working to water down the Do Not Track protections.</p>
<p>There are two parts to Do Not Track: technology and policy. The technology, a simple HTTP header (“DNT: 1”), allows a consumer to signal her privacy preference. The policy specifies what companies can and can’t do when they receive the signal. <a href="https://www.eff.org/issues/do-not-track">Read more.</a></p>
<p>Today’s announcements are great news for the Do Not Track technology. Google, a member of the DAA, has committed to add the feature to Chrome. While we haven’t seen the user interface, presumably it’ll be a one-click check box easily accessible through your browser settings, similar to what other browsers offer. Even better, Google and other members of the DAA -- including Yahoo!, Microsoft, and AOL -- are committing to adding support for the Do Not Track technical signal.</p>
<p>Today also brought good news for enforcing Do Not Track. The White House recognized that user privacy protections are nearly useless without a method of enforcement, so it has reaffirmed that companies that commit to respecting Do Not Track will be subject to Federal Trade Commission (FTC) enforcement.</p>
<p>Time to celebrate? Should we declare February 23rd V-DNT Day? Not quite. While today was a great advancement on the Do Not Track technology, it did not meaningfully move the ball forward on the Do Not Track policy. Even as Google and the other giant advertisers make strong gestures toward giving users meaningful choice when it comes to online tracking, portions of today’s two announcements are also undermining some of the most powerful consumer protections. Specifically:</p>
<p><b>Favoring industry-crafted standards</b></p>
<p>The W3C is a long-respected Internet governance body that brings together a wide range of stakeholders -- including civil liberties advocates, engineers, and industry representatives -- to reach accord about standards affecting the future of the Internet. EFF and lots of other consumer groups are <a href="https://www.eff.org/deeplinks/2011/09/eff-advocates-privacy-w3c-do-not-track">involved in the process</a>, and anybody can read up on what’s happening through the <a href="http://www.w3.org/2011/tracking-protection/track/issues/raised">publicly available meeting notes</a>. For a year, W3C has been working to pin down how various websites should respect the Do Not Track header. Internet companies, including Google, have been actively participating.</p>
<p>The DAA, on the other hand, is an industry group for online advertisers. It includes no consumer advocates or regulators and it doesn’t offer an opportunity for public participation in their decision-making process. Historically, the DAA has eschewed providing users with powerful mechanisms for choices when it comes to online tracking. The <a href="http://www.aboutads.info/consumers#opt-out">self-regulatory standards</a> for behavioral advertising have offered consumers a way to opt out of viewing behaviorally targeted ads without actually stopping the online tracking which is the root of the privacy concern.</p>
<p>While we appreciate that DAA is interested in respecting the Do Not Track flag, it’s important that they engage with the larger Internet community in doing so. DAA should use the W3C for the purposes of defining Do Not Track and determining how websites that receive this signal should react. And the White House, similarly, should turn to the well-established W3C multi-stakeholder process for addressing these issues.</p>
<p><b>Chipping away at Do Not Track’s simplicity </b></p>
<p>If you’re using the most recent version of Firefox, you can turn on Do Not Track by going into your preferences and checking the box that says “Tell websites I do not want to be tracked.” Pretty straightforward, from a user’s standpoint. But DAA is trying to tamper with this simplicity. In its statement, the coalition of online advertisers say that they'll respect Do Not Track where a consumer "has been provided language that describes to consumers the effect of exercising such choice including that some data may still be collected." Then they noted their intention to “begin work immediately with browser providers to develop consistent language across browsers.”</p>
<p>The most skeptical interpretation of this statement is that the straightforward language for turning on Do Not Track might turn into some slippery legalese that doesn’t promise to do much of anything about tracking. We hope that’s not the case; much of Do Not Track’s power came from its straightforward, human-readable format.</p>
<p><b>No privacy-protective default settings </b></p>
<p>The DAA added another exception into their promise to respect Do Not Track: they won’t respect the setting unless a user affirmatively chooses Do Not Track and won’t respect it if “any entity or software or technology provider other than the user exercises such a choice.” This seems geared toward preventing a privacy-protective browser from turning Do Not Track on by default.</p>
<p>It’s important that advertising companies remember that users can express a preference simply by choosing a privacy-protective browser. In the same way many users may have chosen the Safari browser because of its privacy-protective policies regarding third-party tracking, many users in the future might affirmatively choose a browser that has Do Not Track enabled by default. </p>
<p>While there remain serious concerns about attempts to water down enforceable tracking protection for consumers, one thing is clear: Today represents a powerful step forward in helping users protect their online privacy. We applaud Google’s decision to implement Do Not Track in the Chrome browser, and we’re looking forward to collaborating with the DAA and other stakeholders in the W3C to communicate the concerns of users and advocates in online tracking issues. </p>
</div></div></div>Thu, 23 Feb 2012 22:19:12 +0000rainey69792 at https://www.eff.orgPrivacyDo Not TrackOnline Behavioral TrackingObama Administration Unveils Promising Consumer Privacy Plan, but the Devil Will Be in the Detailshttps://www.eff.org/deeplinks/2012/02/obama-administration-unveils-promising-consumer-privacy-plan-devil-details
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Today the White House proposed a framework for protecting privacy in the digital age. The plan, laid out in detail in a <a href="http://www.whitehouse.gov/sites/default/files/privacy-final.pdf">white paper</a> (pdf), includes a Consumer Privacy Bill of Rights based on well-established <a href="http://itlaw.wikia.com/wiki/Fair_Information_Practice_Principles">fair information practice principles</a>. EFF, which has previously proposed a <a href="https://www.eff.org/deeplinks/2010/05/bill-privacy-rights-social-network-users">Bill of Privacy Rights for Social Network Users</a>, believes this user-centered approach to privacy protection is a solid one.</p>
<p>The Administration's bill of rights guarantees:</p>
<ul><li><strong>Individual Control</strong>. Consumers have a right to exercise control over what personal data companies collect and how they use it.</li>
<li><strong>Transparency</strong>. Consumers have a right to easily understandable and accessible information about privacy and security practices.</li>
<li><strong>Respect for Context</strong>. Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.</li>
<li><strong>Security</strong>. Consumers have a right to secure and responsible handling of personal data.</li>
<li><strong>Access and Accuracy</strong>. Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.</li>
<li><strong>Focused Collection</strong>. Consumers have a right to reasonable limits on the personal data that companies collect and retain.</li>
<li><strong>Accountability</strong>. Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.</li>
</ul><p>The Administration vowed to push toward enacting these foundational principles into law, and encouraged Congress to give the Federal Trade Commission the sign-off to enforce them. The Department of Commerce will also bring together companies, consumer groups, and other stakeholders to develop legally enforceable codes of conduct for particular markets.</p>
<p>Finally, the Administration's framework will encourage global data protection by promoting mutual recognition of nations' privacy frameworks and cooperative enforcement among countries.</p>
<p>EFF applauds the principles underlying the White House proposal and believes it reflects an important commitment to safeguard users' data in the networked world without stifling innovation. Only time will tell whether the proposal will be implemented in a way that effectively protects user privacy, and that's where the rubber meets the road. We'll have more to say about that in the coming days.</p>
</div></div></div>Thu, 23 Feb 2012 19:37:48 +0000marcia69787 at https://www.eff.orgInternationalPrivacyOnline Behavioral TrackingSocial NetworksGoogle Circumvents Safari Privacy Protections - This is Why We Need Do Not Trackhttps://www.eff.org/deeplinks/2012/02/time-make-amends-google-circumvents-privacy-settings-safari-users
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Earlier today, the Wall Street Journal <a href="http://online.wsj.com/article_email/SB10001424052970204880404577225380456599176-lMyQjAxMTAyMDEwNjExNDYyWj.html?mod=wsj_share_email#articleTabs%3Darticle">published evidence</a> that Google has been circumventing the privacy settings of Safari and iPhone users, tracking them on non-Google sites despite Apple's default settings, which were intended to prevent such tracking.</p>
<p>This tracking, discovered by Stanford researcher <a href="https://www.stanford.edu/%7Ejmayer">Jonathan Mayer</a>, was a technical side-effect—probably an unintended side-effect—of a system that Google built to pass social personalization information (like, “your friend Suzy +1'ed this ad about candy”) from the google.com domain to the <a href="https://en.wikipedia.org/wiki/DoubleClick">doubleclick.net</a> domain. Further technical explanation can be found below.</p>
<p>Coming on the heels of Google’s controversial decision to tear down the privacy-protective walls between some of its other services, this is bad news for the company. It’s time for Google to acknowledge that it can do a better job of respecting the privacy of Web users. One way that Google can prove itself as a good actor in the online privacy debate is by providing meaningful ways for users to limit what data Google collects about them. Specifically, it’s time that Google's third-party web servers start respecting Do Not Track requests, and time for Google to offer a built-in Do Not Track option.</p>
<p>Meanwhile, users who want to be safe against web tracking can't rely on Safari's well-intentioned but circumventable protections. Until Do Not Track is more widely respected, users who wish to defend themselves against online tracking should use <a href="https://adblockplus.org/">AdBlock Plus</a> for Firefox or Chrome, or Tracking Protection Lists for Internet Explorer.<a class="see-footnote" id="footnoteref1_wjt4znl" title="As this blog goes to press, we are unsure whether ad blockers for Safari can prevent the browser from sending requests, which is essential for this kind of privacy protection to be effective." href="#footnote1_wjt4znl">1</a> AdBlock needs to be used with <a href="https://easylist.adblockplus.org/">EasyPrivacy and EasyList</a> in order to <a href="http://cyberlaw.stanford.edu/node/6730">offer maximal protection</a>.</p>
<h3>Technical details: Google tries to poke a small hole in Safari's privacy protections, but the hole becomes very large</h3>
<p>The Safari and iOS browsers have a useful privacy feature: they automatically reject third-party tracking cookies unless a user actively interacts with a widget or clicks on the third party's ads. This is a big step up from the default settings on most browsers. Advertisers typically use tracking cookies to create an invisible record of your online browsing habits, and large advertisers can <a href="https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks">track you across huge swaths of the web</a>. Safari offers some protection against this type of passive tracking: it specifically prevents a site from setting cookies unless those cookies are from a domain name that you have visited or interacted with directly.</p>
<p>As Google engineers were building the system for passing facts like "your friend Suzy +1'ed this ad" from google.com to doubleclick.net, they would have likely realized that Safari was stopping them from linking this data using third-party DoubleClick cookies. So it appears they added special JavaScript code that tricked Safari into thinking the user was interacting with DoubleClick,<a class="see-footnote" id="footnoteref2_71ks8o3" title="The code was web developers call a &quot;hidden form submission&quot;, contained in a DoubleClick iframe. This code was only sent to Apple's browsers: Mayer tested 400 user-agent strings, and found that only Safari received the JavaScript that performed hidden form submissions." href="#footnote2_71ks8o3">2</a> causing Safari to allow the cookies that would facilitate social personalization (and perhaps, at some point, other forms of pseudonymous behavioral targeting). This was a small hole in Safari's privacy protections.</p>
<p>Unfortunately, that had the side effect of completely undoing all of Safari's protections against doubleclick.net. It caused Safari to allow <i>other</i> DoubleClick cookies, and especially the main "id" tracking cookie that Safari normally blocked. Like a balloon popped with a pinprick, all of Safari's protections against DoubleClick were gone.</p>
<p>The Wall Street Journal has an<a href="http://online.wsj.com/article/SB10001424052970204880404577225380456599176.html#articleTabs%3Dinteractive"> excellent infographic</a> explaining this process.</p>
<h3>The right hand is not talking to the left</h3>
<p>Public statements by Google have indicated that parts of the company had a fairly good understanding of Safari's privacy protections:</p>
<p><img src="/sites/default/files/images_insert/safari-opt-out-3.jpg" height="323" width="563" /></p>
<p>In the screenshot above, Google states: “While we don’t yet have a Safari version of the Google advertising cookie opt-out plugin, Safari is set by default to block all third party cookies. If you have not changed those settings, this option effectively accomplished the same thing as setting the opt-out cookie.” If only that had stayed true.</p>
<p>Safari gives users an opportunity to block passive tracking by online advertisers. Google's decision to route around those settings took it down a dangerous road. Any code that was specifically designed to circumvent privacy protection features should have triggered a much higher level of review and caution, and that clearly did not happen.</p>
<p><a href="http://afs.berkeley.edu/%7Echoofnagle/canadvertiserslearn.pdf">Can Advertisers Learn That "No Means No"</a> (PDF), a research study on flash cookies published in 2011, characterized online advertisers who used flash cookies to override user privacy settings as paternalistic:</p>
<blockquote><p>Advertisers see individuals as objects. When conceived of as objects, consumers’ preferences no longer matter. Privacy can be coded into oblivion or be circumvented with technology. Our 2009 and 2011 work empirically demonstrates that advertisers implement paternalistic judgments that subjects of targeted marketing cannot make proper judgments for themselves.</p></blockquote>
<p>Today, Google looks just as paternalistic as ad networks setting flash cookies to outfox people who try to delete their cookies.</p>
<p>People around the world rely on Safari to browse the web, including iPhone users, whose choices are severely limited by Apple's walled garden. That’s a lot of people who are denied a voice when it comes to online tracking.</p>
<h3>It’s Time for Google to Make Amends: an Open Letter to Google</h3>
<p>Google, the time has finally come. You need to make a pro-privacy offering to restore your users’ trust.</p>
<p>Internet users worldwide have loved your products for years, and we’ve often praised your stance on free expression and transparency and your efforts to limit government access to users’ information. But when it comes to consumer choice around privacy, your commitment to users has been weaker. That’s bad for users, for the future of the Internet, and ultimately, for you. We need to create an Internet that gives users meaningful choice about sharing their personal data, and we need your help to do it.</p>
<p>It’s time for a new chapter in Google’s policy regarding privacy. It’s time to commit to giving users a voice about tracking and then respecting those wishes.</p>
<p>For a long time, we’ve hoped to see Google respect Do Not Track requests when it acts as a third party on the Web, and implement Do Not Track in the Chrome browser. This privacy setting, available in every other major browser, lets users express their choice about whether they want to be tracked by mysterious third parties with whom they have no relationship. And even if a user deleted her cookies, the setting would still be there.</p>
<p>Right now, EFF, Google, and many other groups are involved in a multi-stakeholder process to define the scope and execution of Do Not Track through the <a href="http://www.w3.org/2011/tracking-protection/">Tracking Protection Working Group</a>. Through this participatory forum, civil liberties organizations, advertisers, and leading technologists are working together to define how Do Not Track will give users a meaningful way to control online tracking without unduly burdening companies. This is the perfect forum for Google to engage on the technical specifications of the Do Not Track signal, and an opportunity to bring all parties together to fight for user rights. While the Do Not Track specification is not yet final, there's no reason to wait. Google has repeatedly led the way on web security by implementing features long before they were standardized. Google should do the same with web privacy. Get started today by linking Do Not Track to your existing opt-out mechanisms for advertising, +1, and analytics.</p>
<p>Google, make this a new era in your commitment to defending user privacy. Commit to offering and respecting Do Not Track.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_wjt4znl"><a class="footnote-label" href="#footnoteref1_wjt4znl">1.</a> As this blog goes to press, we are unsure whether ad blockers for Safari can prevent the browser from sending requests, which is essential for this kind of privacy protection to be effective.</li>
<li class="footnote" id="footnote2_71ks8o3"><a class="footnote-label" href="#footnoteref2_71ks8o3">2.</a> The code was web developers call a "hidden form submission", contained in a DoubleClick iframe. This code was only sent to Apple's browsers: Mayer tested 400 <a href="https://en.wikipedia.org/wiki/User_agent">user-agent strings</a>, and found that only Safari received the JavaScript that performed hidden form submissions.</li>
</ul></div></div></div>Fri, 17 Feb 2012 04:00:03 +0000rainey69749 at https://www.eff.orgCall To ActionPrivacyDo Not TrackOnline Behavioral TrackingIsraeli Firm Allot Communications Ltd Under Fire for Selling Spyware to Iranhttps://www.eff.org/deeplinks/2011/12/israeli-firm-under-fire-selling-spyware-iran
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>"Israeli spy gear sent to Iran via Denmark," reads the <a href="http://www.ynetnews.com/articles/0,7340,L-4165821,00.html">headline</a> from Israeli paper <em>YNet News</em>. Today, yet another breaking story of a high-tech company selling spyware to an authoritarian regime emerged. As a <a href="http://www.bloomberg.com/news/2011-12-23/israel-didn-t-know-high-tech-gear-was-sent-to-iran-via-denmark.html">detailed report</a> by <em>Bloomberg News</em>' Ben Elgin--who has made a name for himself this year <a href="https://www.npr.org/2011/12/14/143639670/the-technology-helping-repressive-regimes-spy">reporting on the surveillance industrial complex</a>--explains, Israeli company Allot Communications Ltd. clandestinely sold its product NetEnforcer to Iran by way of Denmark.</p>
<p>Although <a href="http://www.haaretz.com/news/diplomacy-defense/report-israeli-company-sold-surveillance-equipment-to-iran-1.403107">one report</a>, from Israeli news site <em>Haaretz</em>, claims that NetEnforcer can be used to conduct deep packet inspection, the company <a href="http://www.sacbee.com/2011/12/23/4142373/allot-communications-responds.html">denies this</a>, stating that "<span>[NetEnforcer] is not designed for intrusive surveillance purposes. Its intent is to optimize internet traffic for Enterprises and Internet service providers by identifying and prioritizing applications. Our equipment lacks any capability to analyze or extract knowledge on the actual content of internet traffic." Nevertheless, NetEnforcer <a href="http://www.allot.com/NetEnforcer_AC-500.html#products">can be used</a> to track, block, and filter various types of applications. It can also be used for URL redirection.</span></p>
<p><span>Israeli companies are prohibited from all types of transactions with Iran. According to <em>Bloomberg</em>, three former sales employees for Allot claim that "it was well known inside the company that the equipment was headed for Iran." <a href="http://www.themarker.com/wallstreet/middle-east/1.647181">According to</a> <em>The Marker</em> (a publication of <em>Haaretz</em>) [he], if that can be proven to a judge in an Israeli court, the company could face up to seven years in prison, as well as a fine of up to <a href="http://www.industry.org.il/?CategoryID=1161&amp;ArticleID=7126">six million NIS</a>.<br /></span></p>
<p>The Allot case is reminiscent of that of American company BlueCoat, which earlier this year was found to have sold to Syria via a third country. Like Allot, BlueCoat <a href="https://www.eff.org/deeplinks/2011/10/blue-coat-acknowledges-syrian-government-use-its-products">could be found liable</a> for the sale if it was made knowingly, due to regulations placed on the sale of certain technology to Syria under the US Department of Treasury's Office of Foreign Assets Control. In both cases, bans on trade failed, bringing into question the effectiveness of existing regulations.</p>
<p>Companies selling spyware to foreign regimes have long relied on the "get out of jail free" card of claiming they were unaware of their company's customers. This is no longer acceptable. Companies must <a href="https://www.eff.org/deeplinks/2011/10/it%E2%80%99s-time-know-your-customer-standards-sales-surveillance-equipment">know their customer</a> and <a href="https://www.eff.org/deeplinks/2011/12/next-step-identifying-customers-surveillance-technology-companies-and-turning-heat">must be held responsible</a> for their actions.</p>
</div></div></div>Fri, 23 Dec 2011 21:47:47 +0000jillian68059 at https://www.eff.orgFree SpeechInternationalSurveillance TechnologiesPrivacyOnline Behavioral TrackingThe DAA's Self-Regulatory Principles Fall Far Short of Do Not Trackhttps://www.eff.org/deeplinks/2011/11/daa-self-regulation-principles-fall-far-short-do-not-track
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Last week, the Digital Advertising Alliance (DAA), as association of 6 online advertising groups<a class="see-footnote" id="footnoteref1_dzxufj7" title="The DAA is made up of 6 major online advertising groups, including American Association of Advertising Agencies (4A’s), American Advertising Federation (AAF), Association of National Advertisers (ANA), Direct Marketing Association (DMA), Interactive Advertising Bureau (IAB), Network Advertising Initiative (NAI)" href="#footnote1_dzxufj7">1</a>, published a set of <a href="http://www.aboutads.info/msdprinciples">Self-Regulatory Principles for Multi-Site Data.</a> These principles are designed to cover data collection above and beyond the <a href="http://www.aboutads.info/obaprinciples">standards</a> the group adopted for behavioral advertising. These principles are a mixed bag. Even while the new standards offer the potential to improve transparency and user choice in some instances, the language of the standards is loose enough to allow many of the concerning practices to continue unabated.<a class="see-footnote" id="footnoteref2_zjgotwp" title="Jonathan Mayer of Stanford University has a good summary of the principles here." href="#footnote2_zjgotwp">2</a> And, as is <a href="https://encrypted.google.com/url?sa=t&amp;rct=j&amp;q=world%20privacy%20forum%20self%20regulation&amp;source=web&amp;cd=1&amp;ved=0CCMQFjAA&amp;url=http%3A%2F%2Fwww.worldprivacyforum.org%2Fpdf%2FWPFselfregulationhistory.pdf&amp;ei=TKbBTtzkBca2hAekpdDKBA&amp;usg=AFQjCNEJmosrGdRKFvMquxLKxogXeHfdeg">often the case with self-regulatory models</a>, the DAA’s new standards won’t be enforced. Companies that violate the principles suffer no consequences.</p>
<p>Regulation of online tracking has been long-debated by industry figures and privacy advocates. At the core of the debate is how to strike a balance between users’ rights to protect their privacy when browsing the web and the needs of companies to implement new online services without burdensome government regulation. Thoughtful self-regulation has been heavily promoted by the advertising industry, and last Monday’s announcement is likely an attempt to obviate possible governmental regulation. This is no surprise; Congress has introduced <a href="http://www.privacywonk.net/2011/08/112th-privacy-legislation.php">several bills</a> that could regulate the collection of online data and the advertising industry is thus eager to prove their corporate citizenship when it comes to protecting privacy and choice.</p>
<p>But users should be skeptical about the DAA’s self-regulatory scheme, especially given their less-than-stellar performance record in safeguarding privacy in the past. We can see case studies in the limits of self-regulation in two of the DAA’s major online privacy initiatives: the advertising opt-out tool and the advertising icon.</p>
<ul><li>The DAA’s web-based <a href="http://www.aboutads.info/choices/">opt-out tool</a> can be used to install opt-out cookies on one’s browsers. The usability of this approach was evaluated by researchers at Carnegie Melon University in a study published a few weeks ago (<a href="http://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11017.html"><i>Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising</i></a><i>)</i>. The study found that users struggled to use the DAA tool: they found it difficult to navigate to the actual opt-out page; it wasn't obvious that opting out of all trackers required switching out of the default tab on the opt-out page; they didn’t realize that deleting cookies would negate the opt-outs; and they weren’t able to confirm whether opting out was effective. Perhaps most concerning, users didn’t grasp what the opt-out meant: users assumed that opting-out through the DAA form stopped online tracking, when in fact it merely adjusts the advertisements that are displayed. Tracking doesn't stop.</li>
<li>The DAA is also responsible for the <a href="http://www.aboutads.info/participants/icon/">advertising option icon</a>, designed to inform consumers about data collection and use practices. Like the opt-out tool, the advertising icon doesn’t actually do anything to stop online tracking. It’s merely designed to inform and educate users – and it may not even be able to do that. A 2011 <a href="http://www.dmnews.com/consumers-unaware-of-industry-self-regulatory-program-survey/article/208320/">survey</a> by Truste found that, while 70% of respondents were aware of online behavioral advertising, less than 5% recognized the DAA’s icons. And as security researcher Jonathan Mayer of Stanford <a href="http://cyberlaw.stanford.edu/node/6714">noted</a>, the icon often doesn’t appear at all.</li>
</ul><p>Like the DAA’s previous initiatives, there are no teeth in the <i>Principles for Multi-Site Data</i>. Enforcement is supposed to be achieved through a qualified, objective and independent professional service using procedures and standards generally accepted in the profession. While this is a good starting place, there are no repercussions spelled out for receiving a bad report. There’s no indication that fines or even formal reprimands will be issued to bad actors, and no provision for removing bad actors from the DAA.</p>
<p>This is similar to the DAA’s accountability program for online behavioral advertising, in which the Direct Marketing Association and the Council for Better Business Bureaus (CBBB) accept complaints about companies that are suspected of violating the self-regulatory guidelines. Beyond their byzantine processes for filing and responding to complaints, it’s unclear what the DMA and CBBB will actually do with any of the complaints they receive. On Tuesday, the CBBB released its first <a href="http://www.bbb.org/us/article/accountability-program-achieves-voluntary-compliance-with-online-behavioral-advertising-self-regulation-30529">summary of decisions</a> regarding online behavioral tracking. In the six instances, the CBBB convinced the company to adjust its practices, in most instances by having the company extend the expiration date of its opt-out cookie. The DAA self-regulatory approach doesn’t actually give consumers a method to say no to online tracking.</p>
<p>The DAA can and should take affirmative steps to protect user privacy. Most importantly, they could adopt forward-thinking standards for respecting <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a>, a browser setting currently available in Safari, Internet Explorer and Firefox. When turned on, Do Not Track sends a simple signal that tells websites that a user doesn’t want to be tracked. Users don’t have to visit a special website to turn it on and clearing cookies won’t turn it off; it’s a simple way for users to clearly communicate that they want to be able to use the Internet without handing over loads of sensitive data to companies with which they have no relationship.</p>
<p>While there are benefits to the DAA’s self-regulatory program, it should not be taken as a replacement for other forms of regulation. And the DAA’s self-regulatory principles, while not bad, fall far short of the user benefits of Do Not Track.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_dzxufj7"><a class="footnote-label" href="#footnoteref1_dzxufj7">1.</a> The DAA is made up of 6 major online advertising groups, including American Association of Advertising Agencies (4A’s), American Advertising Federation (AAF), Association of National Advertisers (ANA), Direct Marketing Association (DMA), Interactive Advertising Bureau (IAB), Network Advertising Initiative (NAI)</li>
<li class="footnote" id="footnote2_zjgotwp"><a class="footnote-label" href="#footnoteref2_zjgotwp">2.</a> Jonathan Mayer of Stanford University has a good summary of the principles <a href="http://cyberlaw.stanford.edu/node/6755">here.</a></li>
</ul></div></div></div>Tue, 15 Nov 2011 02:02:33 +0000rainey67733 at https://www.eff.orgCommentaryPrivacyDo Not TrackOnline Behavioral TrackingEFF's Membership Program Goes Open Sourcehttps://www.eff.org/2011/october/effs-membership-program-goes-open-source
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>If you were inspired to support digital civil liberties this afternoon, you may have noticed that EFF's donation pages look different. The information you enter will now wind its way to an EFF-hosted server and populate a local installation of the first-class, open source database management product for nonprofits, <a href="http://www.civicrm.org">CiviCRM</a>. EFF is proud to join a growing cadre of activist organizations using CiviCRM and will continue contributing to its ongoing success.</p>
<p><strong>Quick Guide to EFF's New Membership Center</strong></p>
<p>Your new EFF membership center, powered entirely by CiviCRM, is located at <a href="https://supporters.eff.org/">https://supporters.eff.org/</a>. There you can:</p>
<ul><li><a href="https://supporters.eff.org/donate">Donate to EFF</a>.</li>
<li><a href="https://supporters.eff.org/join">Become a member or renew your membership</a>.</li>
<li><a href="https://supporters.eff.org/subscribe">Subscribe to our weekly newsletter, EFFector.</a></li>
<li><a href="https://supporters.eff.org/account">Change your subscriptions or update your contact information</a>.</li>
<li><a href="https://supporters.eff.org/sustaining-members-eff">Sustaining members</a>, please call (415)436-9333 x120 or <a href="mailto:membership@eff.org">email us</a> if you would like to change your account information.</li>
<li type="_moz"><a href="https://supporters.eff.org/shop">Shop for our latest swag</a>.</li>
</ul><p>We have a new partner for advocacy campaigns as well: <a href="http://www.salsalabs.com">SalsaLabs</a>. When you take action as part of an advocacy campaign, SalsaLabs makes sure your letter reaches the right representative, and we make sure your data gets transferred to CiviCRM and deleted from SalsaLabs within 48 hours.</p>
<p><strong>Nonprofits Deserve Better Products</strong></p>
<p>The CiviCRM project began in 2006 with the lofty goal of becoming a viable alternative to proprietary database services for nonprofits. We applaud the founders’ foresight, as the choices available to nonprofits now are expensive, privacy invasive, and insecure.</p>
<p>This issue became personal for EFF in September of 2009. EFF, along with eight fellow nonprofit organizations, wrote and distributed to Congress a legislative <a href="https://www.eff.org/files/OnlinePrivacyLegPrimerSEPT09.pdf">primer</a> (pdf) entitled, "Online Behavioral Tracking and Targeting Concerns and Solutions," which contained nine principles designed to apply Fair Information Practices to the collection of electronic data about individuals, including collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.</p>
<p>A few days after publishing our legislative primer, EFF was contacted by someone at our membership database service, Convio, who challenged whether a nonprofit organization -- even one that espoused fair information principles -- could actually implement those principles in practice. Convio is full of "features" -- some that can be disabled, but many that cannot -- that are designed to track the behaviors of individuals who visit a nonprofit organization's system. Convio is not unique in this regard; virtually all of the membership databases currently being marketed to nonprofits are stuffed with "features" that enable those nonprofits to target their members based on online behaviors. While EFF had gone to extraordinary measures to turn off or disable many of these features, we believed our members deserved better.</p>
<p><strong>Designed By and For Nonprofits</strong></p>
<p>The CiviCRM community has done an excellent job creating a product that even non-technical organizations can feel comfortable working with. We have been pleasantly surprised to discover features built into CiviCRM that very much suit our preferences: reducing the time it takes to acknowledge our donors, or putting a stop sign image next to an email address that has opted out of a mailing list, for example. The CiviCRM community has given nonprofits an attractive alternative for managing and protecting the information donors entrust us to store responsibly.</p>
<p>The best part about using an open source solution that we host ourselves is that we can modify and extend it to fit our needs. Now that we're using CiviCRM, we have total control over the security of our data and our constituents' privacy. Instead of storing passwords in plaintext, we no longer store passwords at all. Now that we've switched to CiviCRM, we can safely force HTTPS on all parts of our membership center.</p>
<p>Equally important, using CiviCRM dramatically reduces the cost of supporting a robust membership program, so more dollars can go directly to the programs that actually support your digital rights. In the coming months, EFF's technologists and fundraising team will be speaking to a broader audience of nonprofits about our experiences leaving a proprietary platform in the hopes that more are inspired to follow, including the <a href="http://2011.badcamp.net/">Bay Area Drupal Camp</a> Conference at UC Berkeley on Friday. And we are eager participants in the CiviCRM project. EFF is hosting a Code Sprint at our new headquarters Tuesday through Thursday this week, where developers across the country will be adding and optimizing a number of new features.</p>
</div></div></div>Thu, 20 Oct 2011 04:41:05 +0000leez67528 at https://www.eff.orgAnnouncementOnline Behavioral TrackingFacebook’s Hotel California: Cross-Site Tracking and the Potential Impact on Digital Privacy Legislationhttps://www.eff.org/deeplinks/2011/10/facebook%E2%80%99s-hotel-california-cross-site-tracking-and-potential-impact-digital-privacy
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><h3>Tracking of Logged Out Users</h3>
<p>For its 800 millions users, logging out of Facebook is not something done idly. Closing the Facebook tab won’t do it. Closing your browser won’t do it unless you’ve adjusted the settings in your browser to clear cookies upon closing. And Facebook has buried the log-out button so that it isn’t apparent from your Facebook main page or profile page. This doesn’t mean that logging out of Facebook is difficult; it’s not. But this does indicate that when someone logs out of Facebook, they are doing so purposefully. They aren’t just stepping outside of Facebook; they’re closing the door behind them.</p>
<p>On September 25th, 2011, Nik Cubrilovic, a hacker and writer, <a title="blog post about Facebook tracking" href="https://nikcub.appspot.com/logging-out-of-facebook-is-not-enough">published a blog post</a><a class="see-footnote" id="footnoteref1_1njbtb2" title="According to his blog, Cubrilovic says he’s been trying to inform Facebook of these issues since November 14, 2010" href="#footnote1_1njbtb2">1</a> that showed that a particular Facebook session cookie wasn’t being deleted after a user logged out. He noted that the session cookie included your Facebook user id number, which would presumably facilitate Facebook associating any data they collected about your browsing the web with your Facebook account. Cubrilovic’s review showed that, based on what the cookies were transmitting, Facebook could easily connect some of your browsing habits to your unique Facebook account.</p>
<p>This set off a storm of media coverage, but much of it lacked a detailed analysis of what Facebook is actually tracking and an understanding of how this could influence pending privacy legislation in Congress.</p>
<h3>What Does Facebook Really Track?</h3>
<p>Facebook sets two types of cookies: session cookies and tracking cookies.</p>
<ul><li><em>Session cookies</em> are set when you log into Facebook and they include data like your unique Facebook user ID. They are directly associated with your Facebook account. When you log out of Facebook, the session cookies are supposed to be deleted.</li>
<li><em>Tracking cookies - </em>also known as persistent cookies - don’t expire when you leave your Facebook account. Facebook sets one tracking cookie known as <strong>'datr'</strong> when you visit Facebook.com, regardless of whether or not you actually have an account. This cookie sends data back to Facebook every time you make a request of Facebook.com, such as when you load a page with an embedded Facebook 'like' button. This tracking takes place regardless of whether you ever interact with a Facebook 'like' button. In effect, Facebook is getting details of where you go on the Internet.</li>
</ul><p>When you leave Facebook <em>without</em> logging out and then browse the web, you have both tracking cookies and session cookies. Under those circumstances, Facebook knows whenever you load a page with embedded content from Facebook (like a Facebook 'like' button) and also can easily connect that data back to your individual Facebook profile.</p>
<p>Based on Cubrilovic’s recent findings, there was also a period of time when you kept a session cookie after logging out of Facebook, allowing Facebook to easily associate your web browsing history and your Facebook account. Facebook says they’ve addressed this issue, and that now all session cookies are deleted at log out.</p>
<p>But there have been other concerns around Facebook tracking, including an issue that has surfaced three times in the last year. Dutch doctoral candidate Arnold Rosendaal, independent security researcher Ashkan Soltani, and Stanford doctoral candidate and law student Jonathan Mayer have each discovered instances in which Facebook was setting tracking cookies on browsers of people when they visited sites other than Facebook.com. These tracking cookies were being set when individuals visited certain Facebook Connect sites, like CBSSports. As a result, people who never interacted with a Facebook.com widget, and who never visited Facebook.com, were still facing tracking by Facebook cookies.</p>
<p>But there’s yet another layer to this, a layer often glossed over by mainstream coverage of this issue: <em>Facebook can track web browsing history without cookies.</em> Facebook is able to collect data about your browser – including your IP address and a range of facts about your browser – without ever installing a cookie. They can use this data to build a record of every time you load a page with embedded Facebook content. They keep this data for <a href="https://www.facebook.com/help/?faq=17512">90 days</a> and then presumably discard or otherwise anonymize it. That's a far cry from being able to shield one’s reading habits from Facebook.</p>
<h3>Facebook’s Response</h3>
<p>For its part, Facebook admits they collected the data through the accidental setting of tracking cookies and the failure to delete session cookies upon log out - but says these were oversights. They say that the issues are now resolved. They expanded their <a href="https://www.facebook.com/help/?page=176591669064814">help section</a> and sent us this statement:</p>
<blockquote><p>Facebook uses cookies to provide customized content, measure the performance of our products, and protect individual users and our service. We do not track people across the Web to sell that information or use it to target advertisements. In recent instances, when we were made aware that certain cookies were sending more information to us than we had intended, we fixed our cookie management system immediately.</p>
<p>Our intentions stand in stark contrast to the many ad networks and data brokers that deliberately and, in many cases, surreptitiously track people to create profiles of their behavior, sell that content to the highest bidder, or use that content to target ads on sites across the Internet.</p></blockquote>
<h3>The Trust Gap</h3>
<p>For users concerned about privacy, this statement is small consolation. It’s clear that Facebook does extensive cross-domain tracking, with two types of cookies and even without. With this data, Facebook could create a detailed portrait of how you use the Internet: what sites you visit, how frequently you load them, what time of day you like to access them. This could point to more than your shopping habits – it could provide a candid window into health concerns, political interests, reading habits, sexual preferences, religious affiliations, and much more.</p>
<p>Facebook insists they aren’t misusing the data they are collecting. The question is then: do we as Internet users trust Facebook? Do we trust them not to connect our data with our Facebook profiles, sell it to marketers, or provide it to the government upon request? If Facebook’s business model becomes less profitable in the coming years, do we trust them to continue to not connect tracking data to profiles? If the government brings pressure to bear on Facebook, do we trust Facebook to stand with users and safeguard the data they’ve collected? And, do we believe that Facebook isn’t actually connecting browsing data to profiles now, given their history of mistakes when it comes to tracking and the clear market incentive they would derive from that sort of connection?</p>
<p>This is the “trust gap”- the space between what Facebook promises they are doing with the data they are collecting and what we as Facebook users can reasonably trust them to do. And, when it comes to safeguarding the sensitive reading habits of millions of users, the trust gap is pretty wide.</p>
<h3>Could Privacy Snafus Spur Privacy Legislation?</h3>
<p>If you are uneasy with Facebook’s cross-domain tracking, you aren’t alone. This has led to a <a href="http://www.pcmag.com/article2/0,2817,2393825,00.asp">call from lawmakers</a> as well as <a href="http://epic.org/privacy/facebook/EPIC_Facebook_FTC_letter.pdf">privacy advocates</a> to have the FTC investigate whether Facebook deceived users by tracking logged-out users. And a group of 6 Facebook users has <a href="http://www.pcmag.com/article2/0,2817,2394032,00.asp">filed suit</a> against Facebook over this issue.</p>
<p>This newest privacy snafu could prod legislators into moving on one of the <a href="http://www.privacywonk.net/2011/08/112th-privacy-legislation.php">many online privacy bills</a> that have been introduced this year. Users’ unease with the quickly-evolving technical capabilities of companies to track users, combined with the abstruse ways in which that data can be collected (from social widgets to super cookies to fingerprinting), has resulted in a growing user demand to have Congress provide legal safeguards for individual privacy when using the Internet.</p>
<p>Unsurprisingly, Facebook hopes that its brand of data collection through ‘like’ buttons won’t be subject to federal regulation. According to <a href="http://adage.com/article/digital/sens-john-mccain-john-kerry-intro-online-privacy-bill/226948/">AdAge</a>, Facebook sent an “army of lawyers” to Washington to convince Senators McCain and Kerry to carve out exceptions to their recently introduced privacy bill so that Facebook could track their users via social widgets on other sites (dubbed the "<a href="https://www.eff.org/deeplinks/2011/04/well-meaning-privacy-bill-rights-could-codify">Facebook loophole</a>"). But while Kerry and McCain may have acquiesced to Facebook's requests, Senator Rockefeller did not. He introduced<a href="http://arstechnica.com/tech-policy/news/2011/05/privacy-groups-applaud-senator-rockefellers-do-not-track-bill.ars"> legislation</a> that would empower the FTC to create rules around how best to protect users online from pervasive online tracking by third parties.</p>
<p>Facebook seems keen to influence future legislation on these issues. They recently <a href="http://thehill.com/blogs/hillicon-valley/technology/183951-facebook-forming-own-pac-to-back-candidates">filed paperwork</a> to form a political action committee that will be "supporting candidates who share our goals of promoting the value of innovation to our economy while giving people the power to share and make the world more open and connected."</p>
<p>We hope that these efforts to influence politicians won't come at the cost of strong protections for user privacy on the Internet. As the situation currently stands, the resources available to governments and corporations to track users across the Internet far outstrip the resources of the average user to fend off such tracking. And from all appearances, self-regulation by industry is failing. </p>
<h3>What You Can Do</h3>
<p>If you find yourself creeped-out by being tracked by Facebook on non-Facebook sites, then you have a few options to protect yourself and voice your concerns.</p>
<ul><li>Install Firefox addons like <a href="http://www.ghostery.com/">Ghostery,</a> <a href="http://sharemenot.cs.washington.edu/">ShareMeNot</a>, <a href="http://www.abine.com/preview/taco.php">Abine’s Taco</a>, and/or <a href="https://adblockplus.org/en/">AdBlockPlus</a> to limit online tracking. None of these is perfect and each works a little different; check out <a href="http://cyberlaw.stanford.edu/node/6730">this guide</a> for a discussion. Also consider installing the <a href="http://priv3.icsi.berkeley.edu/">Priv3 Firefox extension</a>, which is still in beta.</li>
<li>Use private browsing mode.</li>
<li>Adjust the settings in your browser to delete all cookies upon closing. Clear your cookies when leaving a social networking site, and log out of Facebook before browsing the web. You should consider having one browser strictly for logging into your Facebook account and one browser for the rest of your web usage.</li>
<li>Support privacy legislation like the Rockefeller Do Not Track bill, which will give users a voice when it comes to online tracking.</li>
</ul><ul class="footnotes"><li class="footnote" id="footnote1_1njbtb2"><a class="footnote-label" href="#footnoteref1_1njbtb2">1.</a> According to his blog, Cubrilovic says he’s been trying to inform Facebook of these issues since November 14, 2010</li>
</ul></div></div></div>Mon, 10 Oct 2011 18:34:07 +0000rainey67499 at https://www.eff.orgTechnical AnalysisPrivacyOnline Behavioral TrackingEFF Urges Senators to Recognize Need for Updated Privacy Lawshttps://www.eff.org/deeplinks/2011/07/eff-urges-senators-recognize-need-updated-privacy
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF and other privacy and consumer groups like <a href="https://www.privacyrights.org/">Privacy Rights Clearinghouse</a> and <a href="http://www.consumer-action.org/">Consumer Action</a> have publicly responded to industry allegations that effective privacy regulations would harm the economy and innovation. A letter by sixteen trade groups—including the American Advertising Federation and the U.S. Chamber of Commerce—addressed to party heads of the U.S. Senate Committee on Commerce, Science, and Transportation, urged senators to ignore needed changes in privacy laws. The privacy coalition took issue with these claims, pointing to the very real privacy harms suffered by consumers online. Currently, most users are unaware of the pervasive nature of online tracking—and have no way to stop it. Helping consumers feel confident in their privacy will encourage innovation in the digital environment, spurring a robust online economy.</p>
<p>Americans’ privacy is under siege in the current online ecosystem. Companies with large troves of sensitive information have suffered data breaches left and right, putting consumers at risk of identity theft. Because much of what we do online is protected First Amendment activity—reading, speaking, writing, associating—we must expect significant government interest in that data as well. Yet users cannot easily block unwanted tracking programs—assuming they know about them in the first place. The letter that EFF signed onto explains the lack of proper privacy protection in current law, the innovative opportunities of pro-privacy technologies, and the importance of updating privacy law to address new trends in technology—<a href="https://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide">supercookies</a> and <a href="https://panopticlick.eff.org/">browser fingerprinting</a>, <a href="https://www.eff.org/issues/location-privacy">location-based services</a>, and <a href="https://www.eff.org/issues/online-behavioral-tracking">behavioral tracking</a>, to name a few.</p>
<p>For example, EFF has supported <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a> technologies and policies that would protect consumers from hidden third parties who track users. The proposed technology is simple: a machine-readable header that tells websites that you do not want to be tracked. On the policy end, EFF has supported a regulatory framework whereby companies respect a consumer's wishes not to be tracked by third-party sites. Do Not Track is a response to the failure of self-regulatory mechanisms to protect consumers from invasive tracking programs by third-party sites.</p>
<p>The pro-privacy letter to the Senate Committee says:</p>
<blockquote><p>The industry groups that wrote to you hope that you will be satisfied with the status quo, that you will ignore the mounting evidence of identity theft and data breaches, and that you will simply allow things to continue as they have. <br />We urge you to reject that view. We are firmly committed to innovation and economic growth and we share the enthusiasm that new technologies and new businesses generate. But it is clear that there must be stronger safeguards in place to protect the interests of consumers and Internet users. The self-regulatory 'notice and choice' approach has simply failed.</p>
</blockquote>
<p>Check out our <a href="https://www.eff.org/files/Privacy_Groups_to_US_Congress.pdf">full letter</a>.</p>
</div></div></div>Thu, 07 Jul 2011 20:47:47 +0000adi61436 at https://www.eff.orgAnnouncementPrivacyCell TrackingDo Not TrackLocational PrivacyOnline Behavioral TrackingHow Would the Kerry-McCain "Commercial Privacy Bill of Rights" Affect State Security and Privacy Laws?https://www.eff.org/deeplinks/2011/05/how-would-kerry-mccain-commercial-privacy-bill
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>We’ve <a href="https://www.eff.org/deeplinks/2011/04/well-meaning-privacy-bill-rights-could-codify">previously written</a> about the Kerry-McCain "Commercial Privacy Bill of Rights," which tries to create a general federal privacy framework rooted in the <a href="http://bobgellman.com/rg-docs/rg.FIPshistory.pdf">Fair Information Practices</a> (although we’re not sure how well it succeeds). Currently, federal privacy law is sector-specific, often applying only to certain types of information or certain categories of "covered entities," and thus leaving gaps in privacy protection. A good comprehensive federal privacy law could fill those gaps.</p>
<p>At the same time, privacy advocates are also fans of state privacy laws. States are often privacy innovators. A classic example is California’s pioneering data breach notification law, which helped shed light on just how often (and how badly) holders of our personal data mess up—and has since been copied by many states. There’s still no federal <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Security_breach_notification_laws">breach notification law</a>. </p>
<p>More generally, many states have laws that authorize state officials (and in more limited circumstances, consumers) to bring consumer protection lawsuits against unfair or deceptive trade practices. In California, Business &amp; Professions Code § 17200 can be enforced not only by the state attorney general but also by: 58 county district attorneys; 5 city attorneys (for each of the cities with populations over 750,000); and full-time city attorneys for any of the other 400+ smaller cities (with the consent of the county district attorney). District attorneys across California—Alameda, Los Angeles, Sacramento, San Diego, San Francisco, San Mateo, and Sonoma (to name a few)—have actively used § 17200.</p>
<p>But these powerful state-level laws for protecting consumer privacy might be endangered. Under the U.S. Constitution’s Supremacy Clause, both the Constitution and federal law “shall be the supreme Law of the Land; ... any Thing in the Constitution or Laws of any state to the Contrary notwithstanding.” (Article VI, clause 2) Lawyers call this “preemption” - and it means that the federal law will trump the state law. Congress can expressly preempt state law, but even if Congress doesn’t say so outright, courts may find that a state law is preempted because it conflicts with federal law or because Congress intended to “occupy the field.” </p>
<p>On the other hand, Congress can also expressly set a federal “floor” but allow the states to impose stricter rules. For example, as the legislative history of the Wiretap Act states, “The proposed provision envisions that States would be free to adopt more restrictive legislation, or no legislation at all, but not less restrictive legislation.” S. Rep. No. 1097, at 98 (1968), reprinted in 1968 U.S.C.C.A.N. 2112, 2187.</p>
<p>So an obvious question is how the Kerry-McCain bill addresses state privacy laws. Our main conclusion: Kerry-McCain would preempt many state privacy laws, because § 405(a) of the bill expressly preempts all state laws “relating to” covered entities “to the extent that such provisions relate to the collection, use, or disclosure of” either “covered information” as defined in the bill or “personally identifiable information or personal identification information addressed in provisions of the law of a State.” (There are some carve-outs for state laws concerning the collection, use, or disclosure of health or financial information, required notifications pursuant to a data breach, and state laws that “relate to acts of fraud.” § 405(b)(2).)</p>
<p>The broad scope of preemption results from three factors. First, a comprehensive privacy law—regulating offline as well as online activity—by definition runs into the many state laws that currently protect information privacy. Second, Kerry-McCain isn’t a federal “floor” law like the Wiretap Act. It’s the opposite, setting a federal “ceiling.” So if it were enacted, states would be hampered from passing stronger protections for consumer privacy. Third, Kerry-McCain reaches entities like common carriers and non-profit organizations that the Federal Trade Commission (which under the bill would develop regulations) normally can’t regulate. </p>
<p>Thus, for example, Kerry-McCain likely preempts all state laws that protect the privacy of your phone records. Current California law protects telephone subscribers’ personal calling patterns, including numbers called, from being made available without first obtaining the residential subscriber’s written consent. Cal. Pub. Util. Code § 2891(a), et seq.; Cal. Penal Code § 638(a) (prohibiting any person from purchasing, selling, or offering or conspiring to purchase or sell “any telephone calling pattern records or list, without written consent of the subscriber”). </p>
<p>Such preemption might not be so bad if Kerry-McCain replaced the lost state protection with equivalent federal protection—but it doesn’t. California law provides a private right of action (to sue the telephone company and its employees) under § 2891(e); there’s no private right of action under Kerry-McCain. </p>
<p>The preemptive effect of Kerry-McCain would also affect enforcement of California law more broadly. Recall the earlier discussion of Business &amp; Professions Code § 17200; it may be preempted as well. But even if it’s not, § 405(b) of the bill radically changes the enforcement picture, because of all state officials, only state attorneys general may bring actions that sound “in whole or in part” upon violations of Kerry-McCain—county district attorneys, city attorneys, etc., cannot. Remedies are restricted as well. Actions are authorized only in cases of economic or physical harm. § 403(a)</p>
<p>In short, we think that Kerry-McCain would preempt many state laws and weaken enforcement of those laws that it doesn’t preempt. We think that strips away the hard-won consumer protections many states have enacted, and could prevent new state-level protections from being passed in the future. We hope that the bill can be amended to eliminate these problems.</p>
</div></div></div>Fri, 20 May 2011 19:59:12 +0000tien61383 at https://www.eff.orgLegislative AnalysisPrivacyOnline Behavioral TrackingWell-Meaning "Privacy Bill of Rights" Wouldn't Stop Online Trackinghttps://www.eff.org/deeplinks/2011/04/well-meaning-privacy-bill-rights-could-codify
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>On Tuesday, Senators John McCain and John Kerry introduced the long-awaited <a href="http://kerry.senate.gov/work/issues/issue/?id=74638d00-002c-4f5e-9709-1cb51c6759e6&amp;CFID=79733731&amp;CFTOKEN=26547080">Commercial Privacy Bill of Rights</a>, a sweeping bill that covers online and offline data collection, retention, use, and dissemination practices. Unfortunately, the bill may fall short of what’s needed to protect our privacy.</p>
<p>This bill fails to address many of the issues surrounding pervasive online tracking that have been raised by <a href="https://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide">privacy advocates</a>, explored in the Wall Street Journal’s <a href="http://online.wsj.com/public/page/what-they-know-digital-privacy.html">What They Know series</a>, and highlighted by the FTC’s recent <a href="http://www.ftc.gov/opa/2010/12/privacyreport.shtm">Privacy Report</a>. The bill’s most glaring defect is its emphasis on regulation of information use and sharing, rather than on the collection of data in the first place. For example, the bill would allow a user to opt out of third-party ad targeting based on tracking—but <i>not third-party tracking</i>. The consumer choice provisions in Section 202 apply only to data use—not collection—unless that data is both "sensitive" and "personally identifiable." Moreover, Part III of the bill, which imposes lax limits on collection, cannot be enforced by state Attorneys General. This is backwards: the privacy risk is not in consumers seeing targeted advertisements, but in the unchecked accumulation and storage of data about consumers’ online activities. Collecting and retaining data on consumers can create a rich repository of information—which leaves consumer data vulnerable to a <a href="http://www.privacyrights.org/data-breach">data breach</a> as well as creating an unnecessary enticement for government investigators, civil litigants and even malicious hackers.</p>
<p>The bill also fails to provide meaningful regulation of the more spurious current industry practices because its third-party opt-out wouldn’t cover any site a user has an account with. This "Facebook loophole" seems deliberately designed to preserve existing (and concerning) practices such as the Facebook "like" button, which <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1717563">can track an individual as she moves around the web</a> by placing cookies on her computer even if she isn't logged into Facebook and doesn't click the "like" button. The proposed bill won’t help a user concerned about this practice. A user would surrender any right to opt out of being tracked by Facebook or Google simply by having an account with them.</p>
<p>The bill is also silent on <a href="https://www.eff.org/deeplinks/2011/01/mozilla-leads-the-way-on-do-not-track">Do Not Track</a>—meaning there is no specific proposal for a meaningful, universal browser-based opt-out mechanism that could be respected by all large third-party tracking companies. Under the bill, users may see better notice about the type of tracking taking place and more clear methods of opting out of some of that tracking, but they would still need to opt-out of each third party individually. Users who are hoping for a one-click way of telling companies they don’t want to be tracked online won’t find it in the Kerry-McCain bill.</p>
<p>Consumers also won’t have a private right of action in the new Commercial Privacy Bill of Rights. That means consumers won’t be granted the right to sue companies for damages if the provisions of the Commercial Privacy Bill of Rights are violated. A private right of action is a powerful tool that consumers can use to compel compliance from companies that might otherwise choose not to respect users’ privacy wishes.</p>
<p>Finally, the bill would preempt many state online privacy laws. This means that even if a state enacts legislation that provides consumers with stronger protections for their data, those additional rights would be trumped by federal law. This is especially troublesome because California, long considered a bellwether state for privacy legislation, is currently <a href="http://latimesblogs.latimes.com/technology/2011/04/california-do-not-track-bill-could-leave-the-nation-in-online-privacy-laws.html">considering legislation</a> around Do Not Track.</p>
<p>While EFF applauds efforts to update privacy laws to address the needs and expectations of today’s digital consumers, we can’t help but wish this well-meaning bill provided more comprehensive rights to users. There is a growing public demand for meaningful privacy controls when using the Internet.</p>
<p>As Senator Kerry stated in the press conference after introducing the bill:</p>
<blockquote><p>Companies can harvest our personal information online and keep it for as long as they like. They can sell it without asking permission or even letting you know that they’re selling your own information. You shouldn’t have to be a computer genius in order to be able to opt-out of information sharing.</p></blockquote>
<p>EFF agrees. But a user also shouldn’t have to be a computer genius to opt out of unanticipated or unwanted data collection—which is exactly why we hope Kerry and McCain will amend their bill to provide meaningful control to online users.</p>
</div></div></div>Thu, 14 Apr 2011 20:48:52 +0000rainey61332 at https://www.eff.orgLegislative AnalysisPrivacyOnline Behavioral TrackingWhat Does the "Track" in "Do Not Track" Mean?https://www.eff.org/deeplinks/2011/02/what-does-track-do-not-track-mean
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>There is a lot of discussion about Do Not Track at the moment. The FTC has <a href="https://www.eff.org/deeplinks/2010/12/ftcs-privacy-report-calls-attention-privacy">announced support</a> for the idea; Mozilla has <a href="http://blog.mozilla.com/blog/2011/02/08/mozilla-firefox-4-beta-now-including-do-not-track-capabilities/">added</a> a Do Not Track header option into Firefox betas, and Congresswoman Jackie Speier has <a href="https://speier.house.gov/index.cfm?sectionid=48&amp;itemid=683">introduced a Do Not Track bill</a>. Other proposed privacy legislation, such as Rep. <a href="http://techdailydose.nationaljournal.com/2011/02/rush-reintroduces-privacy-bill.php">Bobby Rush's bill</a>, could also achieve similar objectives. And yesterday, EFF submitted <a href="https://www.eff.org/files/FTCcommentsEFF.pdf">comments</a> urging the Federal Trade Commission to defend online privacy by supporting the header-based Do Not Track feature.</p>
<p>Do Not Track is important because it creates a policy mechanism to augment the privacy enhancing technologies that we currently have. There is an arms race between practical privacy tools and <a href="https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks">ubiquitous online tracking</a>, and we fear that the trackers have <a href="http://samy.pl/evercookie/">powerful</a> <a href="https://panopticlick.eff.org/">techniques</a> that will almost always <a href="http://online.wsj.com/article/SB10001424052748704679204575646704100959546.html">allow them to win the arms race</a> against ordinary people.</p>
<p>Some other anti-tracking technologies have also been discussed a lot recently, including<br />
Microsoft's IE 9 <a href="http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/Default.html">Tracking Protection Lists</a>, and <a href="https://adblockplus.org/">AdBlock Plus</a> with <a href="http://easylist.adblockplus.org/en/">EasyPrivacy</a>. These are great tools, and very much complimentary to the Do Not Track header proposal. We'll be posting about them at greater length soon.</p>
<p>Do Not Track is a technically simple proposal: add a header<a class="see_footnote" id="footnoteref1_ec2hc6c" title=" 1&quot; to save to save 11 bytes on every applicable HTTP request!" href="https://cats.eff.org/deeplinks/2011/02/what-does-track-do-not-track-mean#footnote1_ec2hc6c">1</a> to the messages that browsers and other HTTP clients send when they fetch web pages. The header simply requests that webservers not track the user's behavior. It could be turned on if the user enters "private browsing mode", or if they have enabled a separate configuration setting.</p>
<p>There is more flexibility on the policy side of Do Not Track: "what is tracking?" "what should websites do to avoid tracking users who set the DNT header?" "would any websites be required to comply with the header?</p>
<p>There is a spectrum of good answers to each of these questions. This post will try to set out what we think some of the good answers are.</p>
<h3>What is Tracking?</h3>
<p>Tracking is a very simple, general concept. A good definition would be:</p>
<blockquote><p>Tracking is the retention of information that can be used to connect records of a person's actions or reading habits across space, cyberspace, or time.</p></blockquote>
<p>Despite this simple answer, we believe that there are some kinds of web tracking which — while they are still tracking — may not need to be categorically prohibited when the DNT header is set. A reasonable set of exceptions might be:</p>
<ol><li>Tracking that is limited to a single "1st party"<a class="see-footnote" id="footnoteref1_4rhrya6" title="Standard terminology is that the website you can see in your browser's address bar is the &quot;1st party&quot; and other domains in the hypertext page are &quot;3rd parties&quot;. It would have made more sense to say that you are the 1st party; the website you're looking at is the 2nd party, and embedded domains are 3rd parties." href="#footnote1_4rhrya6">1</a> website (either by the website itself or by an analytics provider subject to suitable contractual and technical protections)</li>
<li>Tracking that is necessary to prevent fraud or respond to security incidents, provided such data is minimized, only kept for as long as necessary, and not used for other purposes.</li>
<li>Tracking of users who have agreed to a clear and non-confusing “opt back in”</li>
<li>Tracking that is necessary to complete an online transaction that the user has engaged in.</li>
</ol><p>The existence of such excepted kinds of tracking does not, of course, mean that websites should not consider respecting DNT where possible in these cases too. For instance, we hope that many 1st party domains will choose to adopt limited logging and retention practices for users who enable DNT. There are other definitions of tracking that have been proposed. For instance, CDT proposed a <a href="https://www.cdt.org/pr_statement/cdt-releases-draft-definition-do-not-track">slightly different draft definition</a>, and our approach is largely in agreement with theirs.<a class="see-footnote" id="footnoteref2_kjw3nyz" title="We think it makes slightly more sense to draw the line at the &quot;retention&quot; of tracking data, rather than &quot;collection and correlation&quot;, because when trying to enforce DNT it's hard to tell the difference between data that is retained and correlated and data that is retained and not correlated." href="#footnote2_kjw3nyz">2</a></p>
<h3>What should websites do in response to the DNT header? Should they be <i>required</i> to comply?</h3>
<p>For most websites, and especially 1st party websites, DNT may make more sense as a voluntary convention, like <a href="http://en.wikipedia.org/wiki/Robots_exclusion_standard">ROBOTS.TXT</a>, rather than a mandatory rule. However, there is a subset of websites where there is a stronger case for requiring compliance with DNT. These are the websites that (1) act as 3rd party tracking domains, invisibly monitoring people's reading habits as they browse the web; and (2) monitor a large number of users' browsing. There are several approaches to incentivizing compliance by large 3rd parties — some commentators have called for pressure in the marketplace via technical means ("if a large 3rd party appears not to be complying with DNT, add it to privacy blacklists"); the Rush bill incentivizes compliance with DNT-style opt outs through a <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Safe_harbor#Legal_definition">"safe harbor"</a>mechanism, while the Speier bill is more direct. We believe that legislation granting narrow authority to the FTC to set opt-out standards could be constructive, provided it focuses on the task of incentivizing compliance with consumers' preferences and avoids mandating particular technical methods of compliance.</p>
<h3>Will a header always be the best mechanism for DNT?</h3>
<p>Not necessarily. Over time, we will have new platforms and protocols to which DNT should apply, and perhaps more granular controls for users to express their preferences. Whatever path we follow for getting DNT deployed by browsers and respected by servers, we should be planning to have opt-out standards that evolve and support innovation.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_4rhrya6"><a class="footnote-label" href="#footnoteref1_4rhrya6">1.</a> Standard terminology is that the website you can see in your browser's address bar is the "1st party" and other domains in the hypertext page are "3rd parties". It would have made more sense to say that you are the 1st party; the website you're looking at is the 2nd party, and embedded domains are 3rd parties.</li>
<li class="footnote" id="footnote2_kjw3nyz"><a class="footnote-label" href="#footnoteref2_kjw3nyz">2.</a> We think it makes slightly more sense to draw the line at the "retention" of tracking data, rather than "collection and correlation", because when trying to enforce DNT it's hard to tell the difference between data that is retained and correlated and data that is retained and not correlated.</li>
</ul></div></div></div>Sat, 19 Feb 2011 23:09:13 +0000pde61271 at https://www.eff.orgCommentaryPrivacyDo Not TrackOnline Behavioral TrackingEFF Urges Commerce Department to Embrace 'Do Not Track'https://www.eff.org/deeplinks/2011/02/eff-urges-commerce-department-embrace-do-not-track
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Support for a <a href="/deeplinks/2011/01/mozilla-leads-the-way-on-do-not-track">browser-header-based "Do Not Track" proposal</a> is building in both the federal government and the private sector, which is good news for Internet users who are concerned about privacy. Friday, EFF submitted <a href="/files/EFF_Comments_to_Commerce.pdf">comments</a> to the Department of Commerce Internet Policy Task Force, urging the department to embrace the system and support legislation that would authorize the Federal Trade Commission to act on Do Not Track.</p>
<p>Do Not Track will help consumers fight against the largely invisible, poorly understood, and continually escalating surveillance of their online activities. Not only would Internet users have the opportunity to opt-out of online tracking for advertising and marketing purposes, but the browser-header-based system would also help increase transparency and understanding by standardizing expectations. We all know that privacy policies on websites are hard to understand at best, making them unhelpful tools when it comes to making decisions about using a site or application. With a Do Not Track system, businesses will have a clear way to know what each consumer expects of them, and force them to disclose practices that are contrary to those expectations.</p>
<p>EFF's comments also strongly supported the Commerce Department's call for reform of the Electronic Communications Privacy Act <a href="https://ilt.eff.org/index.php/Category:ECPA">(ECPA)</a>. EFF is a member of the <a href="http://www.digitaldueprocess.org/">Digital Due Process Coalition</a>, a group dedicated to updating electronic privacy law to adequately address the technological tools of today. EFF asked the Commerce Department to back changes to ECPA that would restrict communications providers' disclosures of information to third-parties, among other requests.</p>
</div></div></div>Tue, 01 Feb 2011 21:45:08 +0000rebecca61257 at https://www.eff.orgNews UpdatePrivacyDo Not TrackOnline Behavioral TrackingMozilla Leads the Way on Do Not Trackhttps://www.eff.org/deeplinks/2011/01/mozilla-leads-the-way-on-do-not-track
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Earlier today, Mozilla <a href="http://online.wsj.com/article/SB10001424052748704213404576100441609997236.html?mod=googlenews_wsj">announced</a> plans to incorporate a Do Not Track feature into their next browser release, Firefox 4.1. Google also <a href="http://googlepublicpolicy.blogspot.com/2011/01/keep-your-opt-outs.html">announced</a> a new privacy extension today, but we believe that Mozilla is now taking a clear lead and building a practical way forward for people who want privacy when they browse the web.</p>
<h3>Why We Need Do Not Track</h3>
<p>Privacy advocates have been calling attention to issues of <a href="https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks">pervasive online tracking</a> for some time. Often intertwined with the issue of <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Behavioral_targeting"> behavioral targeting</a>, online tracking refers to the difficult-to-elude mechanisms by which most or all of our reading and other activities on the Web are recorded by third parties, without our knowledge or permission.</p>
<p>The technical details of online tracking are multifarious. They include <a href="https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_cookie">traditional HTTP cookies</a> as well as <a href="//www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/">flash cookies</a> and <a href="http://samy.pl/evercookie/">many other kinds of supercookies</a>, <a href="//secure.wikimedia.org/wikipedia/en/wiki/Web_bug">web bugs</a>, JavaScript trackers, HTTP Referrers, and <a href="https://www.eff.org/press/archives/2010/05/13">fingerprinting</a>. And new ways to track browsers will continue to be invented. Even consumers who take steps to delete their cookies or use private browsing mode remain <a href="//arstechnica.com/security/news/2010/08/private-browsing-not-so-private.ars">unable</a> to prevent third parties from observing their clickstreams.</p>
<p>Currently, a subset of advertisers offer a mechanism for opting out of behavioral advertising through the <a href="http://www.networkadvertising.org/managing/opt_out.asp">Network Advertising Initiative</a> — a project that has been widely <a href="http://www.worldprivacyforum.org/pdf/WPF_NAI_report_Nov2_2007fs.pdf">criticized</a> for failing to provide consumers with meaningful control. The NAI opt-out suffers from several problems: the biggest is that there is no consistency on what "opt out" means. Some tracking companies recognize that an "opt out" should be an opt out from being tracked, others insist on interpreting the opt out as being an opt out for receiving targeted advertising. In other words, the NAI allows its members to to tell people that they've opted out, when in fact their web browsing is still being observed and recorded indefinitely.</p>
<p>The cookie-based opt-out scheme also suffers from serious technical drawbacks. Some of these are issues of complexity — tracking companies need to opt-in before it can work and new types of cookie need to be created for each of them. There is also the issue of fragility — privacy conscious users delete their cookies regularly, which means the opt-out keeps turning itself off.</p>
<p>The "Keep Your Opt-Outs" Chrome extension <a href="http://googlepublicpolicy.blogspot.com/2011/01/keep-your-opt-outs.html">announced by Google today</a> is an attempt to address that last problem. In that respect it is similar to the <a href="//addons.mozilla.org/en-us/firefox/addon/beef-taco-targeted-advertising/">TACO Firefox Extension</a>, though it doesn't set any opt-out cookies for companies that are not NAI members. It also doesn't fix the other fundamental problems with the NAI's approach: complexity, the lack of a clear signal that can be observed and interpreted by <em>any</em> website, and allowing fake opt-outs that only protect you from targeted advertising but don't prevent any tracking.</p>
<p>For these reasons, we believe that the only sensible way forward for privacy opt-outs is a <a href="http://donottrack.us">Do Not Track header</a>, and we're very pleased to see Mozilla planning to offer this option in their future browser versions.</p>
<h3>How Will Do Not Track Work?</h3>
<p>Every time your computer sends or receives information over the Web, the request begins with some short pieces of information called <a href="https://secure.wikimedia.org/wikipedia/en/wiki/List_of_HTTP_header_fields">headers</a>. These headers include information like what browser you're using, what language your computer is set to, and other technical details. The Do Not Track proposal is to include a simple, machine-readable header indicating that you don't want to be tracked.</p>
<p>The header-based Do Not Track system appeals because it calls for an armistice in the arms race of online tracking. Currently, advertisers constantly invent new ways of tracking consumers and security researchers work to block this tracking with new technology. A header-based Do Not Track model sends out a signal with every online communication indicating a user's preference not to be tracked. This puts the onus on the tracking companies to comply with Do Not Track mechanisms — rather than on the user to discover and counter every type of possible online tracking.</p>
<p>Some important things to note about this proposal:</p>
<ul><li>There is no "list" that consumers need to sign up for. Early discussion of Do Not Track included proposals about a list-based registry of users, similar to the Do Not Call Registry. <b>This proposal does not collect data on consumers in a central list.</b> (Security and privacy researcher Christopher Soghoian has <a href="http://paranoia.dubfire.net/2011/01/history-of-do-not-track-header.html">more about the history of Do Not Track.</a>)</li>
<li>Consumers won't need to update software for Do Not Track regularly. Early versions of Do Not Track proposed installing software on an individual's computer that listed all the known tracking companies. As more companies were identified, the list would need to be updated. The current proposal does not store a list of companies on your computer and so does not need to be repeatedly updated.</li>
<li>You can still clear your cookies without fear of disrupting the header-based Do Not Track.</li>
<li>The header-based Do Not Track model <a href="http://cyberlaw.stanford.edu/node/6592">won't threaten ad-supported businesses</a>.</li>
</ul><h3>The Next Steps</h3>
<p>EFF will be submitting formal comments to the Federal Trade Commission responding to questions they raised in their <a href="http://www.ftc.gov/opa/2010/12/privacyreport.shtm">privacy report</a>. In the meantime, users should consider using some of the Mozilla Firefox addons that have already incorporated the header-based advertising opt-out. The <a href="https://addons.mozilla.org/en-US/firefox/addon/universal-behavioral-advertisi/">Universal Behavioral Advertising Opt-Out</a> is the easiest way to set the header today, though it is also set by development versions of <a ref="https://adblockplus.org">AdBlock Plus</a> and <a href="http://noscript.net">NoScript</a>, and will be in future stable releases of those extensions. Because many advertisers do not yet respect the header, for the time being, we recommend installing it along side <a href="https://addons.mozilla.org/en-us/firefox/addon/beef-taco-targeted-advertising/">beef TACO</a> and <a href="https://adblockplus.org">AdBlock Plus</a> (with <a href="subscribe?location=https://easylist-downloads.adblockplus.org/easyprivacy.txt&amp;title=EasyPrivacy&amp;requiresLocation=https://easylist-downloads.adblockplus.org/easylist.txt&amp;requiresTitle=EasyList">EasyPrivacy</a>) for the time being.</p>
<p>We plan to continue posting articles that will explore and explain Do Not Track. Our next article will discuss the semantics and server side responses that are appropriate in response to a Do Not Track header. In other words, what does the "Track" in Do Not Track mean?</p>
</div></div></div>Mon, 24 Jan 2011 21:16:39 +0000rainey61250 at https://www.eff.orgCommentaryPrivacyDo Not TrackOnline Behavioral Tracking2010 Trend Watch Update: Congresshttps://www.eff.org/deeplinks/2010/12/2010-trend-watch-update-congress
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>At the beginning of this year EFF identified <a href="https://www.eff.org/deeplinks/2010/01/trends-2010">a dozen important trends</a> in law, technology and business that we thought would play a significant role in shaping digital rights in 2010, with a promise to revisit our predictions at the end of the year. Now, as 2010 comes to a close, we're going through each of our predictions one by one to see how accurate we were in our trend-spotting. Today, we're looking back on Trend #8, Congress, where we predicted:</p>
<blockquote><p><i>In retrospect, 2009 wasn't disastrous for online civil liberties in federal technology law. With Washington entirely distracted by health care reform, a lot of the most problematic proposed federal technology legislation was delayed, postponed or temporarily forgotten.</i></p>
<p>In 2010, we may not be so lucky. Key provisions of the <a href="http://www.eff.org/issues/patriot-act">Patriot Act</a>, having recently been granted a three-month extension, are up for re-authorization before April 1. The Snowe-Rockefeller <a href="http://www.eff.org/deeplinks/2009/09/cybersecurity-act-returns-with-a-fresh-coat-of-paint">Cybersecurity Act</a>, which would grant the President the power to disconnect the Internet, is likely to return sometime in 2010. And, with immigration reform considered a top priority for Congress this year, we can expect to see the national identification card scheme <a href="http://www.eff.org/issues/real-id">REAL ID</a> (or its twin, <a href="http://www.eff.org/deeplinks/2009/08/pass-id-real-id-reanimated">PASS ID</a>) again soon.</p></blockquote>
<p>Admittedly, predicting a tough year in Congress for civil liberties was a no-brainer: As Mark Twain put it, "No man's life, liberty, or property are safe while the legislature is in session." However, other than the disappointing one-year <a href="https://www.eff.org/deeplinks/2010/02/epic-fail-congress-usa-patriot-act-renewed-without">re-authorization of the USA PATRIOT Act</a>--which passed in the Spring with little debate and without a single reform being added to that surveillance law despite a hefty record of demonstrated government abuses--our digital civil liberties actually made it through the Congressional year relatively unscathed. As predicted, cybersecurity remained a hot issue with <a href="http://news.cnet.com/8301-13578_3-20007418-38.html?tag=mncol;title">several</a> <a href="http://news.cnet.com/8301-13578_3-20023464-38.html?tag=mncol;title">bills</a> in play and a lot of overheated rhetoric about the risk to the U.S. from a <a href="http://www.telegraph.co.uk/news/worldnews/northamerica/usa/7691500/Cyber-attack-could-fell-US-within-15-minutes.html">"electronic pearl harbor"</a>, but no bill passed. And, happily contrary to our predictions, plans for a national ID card appear to have <a href="http://www.cato-at-liberty.org/real-id-continues-its-long-slow-failure/">stalled</a>, hopefully permanently. </p>
<p>The biggest threat to online freedom this year came in a form we didn't expect: Senator Leahy's <a href="https://www.eff.org/coica">Combating Online Infringements and Counterfeits Act</a> ("COICA") internet censorship and copyright bill, which was unanimously approved by the Senate Judiciary Committee despite <a href="https://www.eff.org/deeplinks/2010/11/case-against-coica">fierce opposition from EFF</a> and others. That bill or something like it will certainly rear its head early in the new year. We also got a preview of perhaps the biggest Congressional battle for civil libertarians in 2011 when the FBI made clear its intention to seek an expansion of its wiretapping capabilities next year through an expansion of <a href="https://www.eff.org/issues/calea">CALEA</a>, the Communications Assistance for Law Enforcement Act. That law currently requires phone companies, broadband carriers and interconnected VOIP providers to design their systems to be easily wiretappable by the government. Now, the FBI wants to expand that surveillance tech mandate to require <a href="https://www.eff.org/deeplinks/2010/09/government-seeks">surveillance backdoors for all Internet communications</a>, with particularly <a href="https://www.eff.org/deeplinks/2010/10/eight-epic-failures-regulating-cryptography">grave implications</a> for the privacy of encrypted communications.</p>
<p>But there were also some bright spots in the Congressional record this year that point toward good things in 2011. First, Representative Bobby Rush <a href="http://www.house.gov/list/press/il01_rush/pr_100719_best_practices_act.shtml">introduced a broad consumer privacy protection bill</a> that <a href="http://thehill.com/blogs/hillicon-valley/technology/123197-intel-microsoft-ebay-support-rushs-privacy-bill-while-noting-concerns-">garnered support</a> not only from privacy advocates but even some major online businesses like Microsoft and eBay, and as chairman of the House Commerce Subcommittee he also held a <a href="http://energycommerce.house.gov/index.php?option=com_content&amp;view=article&amp;id=2147:hearing-on-do-not-track-legislation-is-now-the-right-time&amp;catid=129:subcommittee-on-commerce-trade-and-consumer-protection&amp;Itemid=70">hearing</a> on the possibility of legislation to support a <a href="http://donottrack.us/">"Do Not Track"</a> technology to give online consumers control over how they are monitored online, setting up online consumer privacy as a major issue for the next session. In another positive development, EFF teamed up with other civil liberties organizations and major internet companies to form the <a href="https://www.eff.org/press/archives/2010/03/30">Digital Due Process</a> ("DDP") coalition and press Congress to update the antiquated Electronic Communications Privacy Act of 1986 ("ECPA"). Working with the DDP coalition, EFF is pushing Congress to make clear that if the government wants to secretly seize the contents of your webmail account or enlist the phone company to track the location of your cell phone, it needs to have a search warrant based on probable cause. Prompted by the debut of <a href="http://www.digitaldueprocess.org/index.cfm?objectid=99629E40-2551-11DF-8E02000C296BA163">the DDP coalition's principles</a>, <a href="http://judiciary.house.gov/hearings/hear_100505_1.html">Congress</a> <a href="http://judiciary.house.gov/hearings/hear_100624.html">held</a> <a href="http://judiciary.senate.gov/hearings/hearing.cfm?id=4776">four</a> <a href="http://judiciary.house.gov/hearings/hear_100923.html">hearings</a> on the issue of ECPA reform in 2010, with reform bills expected in the New Year.</p>
</div></div></div>Wed, 22 Dec 2010 23:29:52 +0000bankston61215 at https://www.eff.orgNews RoundupFree SpeechFair UsePATRIOT ActPrivacyCALEACell TrackingReal IDOnline Behavioral TrackingSOPA/PIPA: Internet Blacklist LegislationCommerce Department's Online Privacy Report a Positive Step, But Self-Regulation Isn't Enoughhttps://www.eff.org/deeplinks/2010/12/commerce-departments-online-privacy-report
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Online privacy continues to be a hot topic in Washington, D.C. A few weeks ago, the Federal Trade Commission (FTC) issued a <a href="http://www.ftc.gov/opa/2010/12/privacyreport.shtm">staff report</a> calling for greater protection of online consumer privacy. A House subcommittee <a href="http://abcnews.go.com/Technology/internet-privacy-track-laws-considered-congress-federal-trade/story?id=12296515">heard testimony</a> on the increasingly popular idea of “do not track” for the Internet. Soon thereafter, Microsoft announced a new <a href="http://paranoia.dubfire.net/2010/12/initial-thoughts-on-microsofts-ie9.html">tracking protection mechanism</a> for Internet Explorer 9.</p>
<p>Yesterday, the Department of Commerce chimed in with its own <a href="http://www.commerce.gov/blog/2010/12/16/released-policy-framework-protecting-consumer-privacy-online-while-supporting-innova">“green paper”</a> on online privacy, which echoes many of the concerns we’ve discussed here—in particular, the enormous gap between consumer privacy expectations and business reality in the online environment, where increasingly sophisticated yet largely <a href="https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks">hidden tracking mechanisms</a> are routinely deployed against the general public. Everyone agrees that there’s a problem.</p>
<p>However, there’s still no agreement on what should be done about it. To its credit, the Commerce Department (and many of the companies that commented on the original notice of inquiry) strongly supported greater adherence to the well-known Fair Information Practice Principles. We were also glad to see that the Commerce Department expressly discussed the need to reform the Electronic Communications Privacy Act given the rise of cloud computing and growing concern about law enforcement access to data traversing or stored by service providers, consistent with the goals of the <a href="https://www.eff.org/press/archives/2010/03/30">Digital Due Process</a> coalition that EFF is helping to steer.</p>
<p>But the Commerce Department seems reluctant to endorse enforceable consumer privacy rules, even though many commenting companies (and others) supported broad federal privacy legislation that could fill existing holes in commercial data privacy law. While acknowledging the need for FTC enforcement as a backstop, the green paper instead recommends the creation of a Privacy Policy Office within the Commerce Department that would help develop voluntary privacy codes of conduct within a multi-stakeholder negotiation process. </p>
<p>We think that approach has serious problems. Agency rulemaking is by no means ideal, but it is governed by law and yields legal rules subject to judicial review based on a defined administrative record. Multi-stakeholder negotiation is more political, and such a political consensus may only lead to general principles that are hard to enforce. It’s also less accountable to the facts; we’re concerned about how it would get verifiable information about commercial surveillance technologies, practices and data flows. Nor is it clear that businesses would follow voluntary codes of conduct. Multi-stakeholder negotiation may have a place within agency rulemaking, but it doesn’t strike us as a substitute for enforceable rules. </p>
<p>We expect to comment on the green paper, and encourage others to as well. Comments are due Jan. 28, 2011 and can be submitted to privacynoi2010@ntia.doc.gov.</p>
</div></div></div>Fri, 17 Dec 2010 21:14:43 +0000tien61209 at https://www.eff.orgCommentaryPrivacyOnline Behavioral Tracking